List: oss-security
Subject: [oss-security] Linux kernel: memory corruptions in IPv4/IPv6 TCP/SCTP/DCCP sockets
From: Andrey Konovalov <andreyknvl () google ! com>
Date: 2017-05-30 19:12:21
Message-ID: CAAeHK+zP+B4b=qDFBcivEt4O7ruLcE3rfSrSXs_9ZbixmX-FqQ () mail ! gmail ! com
A few CVEs were assigned for similar bugs causing kernel memory
corruption (use-after-free followed by a double-free) in IPv4/IPv6
TCP/SCTP/DCCP sockets. The details are below.

The bugs were found with syzkaller.

* CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in
the Linux kernel through 4.10.15 allows attackers to cause a denial of
service (double free) or possibly have unspecified other impact by
leveraging use of the accept system call.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a

* CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8

* CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52

* CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52