
List:       oss-security
Subject:    [oss-security] Linux kernel: memory corruptions in IPv4/IPv6 TCP/SCTP/DCCP sockets
From:       Andrey Konovalov <andreyknvl () google ! com>
Date:       2017-05-30 19:12:21
Message-ID: CAAeHK+zP+B4b=qDFBcivEt4O7ruLcE3rfSrSXs_9ZbixmX-FqQ () mail ! gmail ! com

A few CVEs were assigned for similar bugs causing kernel memory
corruption (use-after-free followed by a double-free) in IPv4/IPv6
TCP/SCTP/DCCP sockets. The details are below.

The bugs were found with syzkaller.

* CVE-2017-8890

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in
the Linux kernel through 4.10.15 allows attackers to cause a denial of
service (double free) or possibly have unspecified other impact by
leveraging use of the accept system call.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a


* CVE-2017-9075

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8


* CVE-2017-9076

The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52


* CVE-2017-9077

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
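
An added example, not part of the original message or of the kernel source: a simplified userspace C model of the inheritance problem the CVE descriptions name, assuming the inherited state is a pointer to a list that each socket releases when it closes. All struct and function names are hypothetical, and a counter stands in for the actual free.

```c
#include <stdio.h>
#include <string.h>

/* Simplified userspace model (hypothetical names, not kernel code). */
struct owned_list { int releases; };   /* counts releases instead of calling free() */
struct sock_model { int state; struct owned_list *list; };

/* Buggy clone: a whole-struct copy makes the child alias the parent's list. */
static void clone_buggy(struct sock_model *child, const struct sock_model *parent)
{
    memcpy(child, parent, sizeof(*child));
}

/* Fixed clone: copy, then clear the pointer the child must not inherit. */
static void clone_fixed(struct sock_model *child, const struct sock_model *parent)
{
    memcpy(child, parent, sizeof(*child));
    child->list = NULL;
}

/* Close path: each socket releases the list it believes it owns. */
static void sock_close(struct sock_model *sk)
{
    if (sk->list)
        sk->list->releases++;   /* stands in for a free; more than 1 is a double free */
    sk->list = NULL;
}

/* Returns how many times the listener's list is released after an
 * accept-style clone followed by closing both sockets. */
static int releases_after_accept(int use_fixed_clone)
{
    struct owned_list list = { 0 };
    struct sock_model listener = { 1, &list }, child;

    if (use_fixed_clone)
        clone_fixed(&child, &listener);
    else
        clone_buggy(&child, &listener);

    sock_close(&child);      /* child closes first and releases the shared list */
    sock_close(&listener);   /* listener then releases the same object again */
    return list.releases;
}

int main(void)
{
    printf("buggy clone: %d releases\n", releases_after_accept(0));
    printf("fixed clone: %d releases\n", releases_after_accept(1));
    return 0;
}
```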


