[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Linux: packet: fix races in fanout_add() (CVE-2017-6346)
From:       Salvatore Bonaccorso <carnil () debian ! org>
Date:       2017-02-28 16:25:24
Message-ID: 20170228162524.47jesr3zopycriir () eldamar ! local
[Download RAW message or body]

Hi

CVE-2017-6346 was assigned by MITRE to the following (via
https://cveform.mitre.org/):

https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b

> packet: fix races in fanout_add()
> 
> Multiple threads can call fanout_add() at the same time.
> 
> We need to grab fanout_mutex earlier to avoid races that could
> lead to one thread freeing po->rollover that was set by another thread.
> 
> Do the same in fanout_release(), for peace of mind, and to help us
> finding lockdep issues earlier.

Since 4.2 the races can lead to a use-after-free.

The fix was backported to 4.9.13 as well.

Regards,
Salvatore
[prev in list] [next in list] [prev in thread] [next in thread]