[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Linux kernel: CVE-2017-9242: out-of-bounds write in __ip6_append_data
From: Andrey Konovalov <andreyknvl () google ! com>
Date: 2017-05-30 19:12:40
Message-ID: CAAeHK+wzhV4PBENUzD5SeCp_vjtT84B-ER+cWU9=FvZxfavJhw () mail ! gmail ! com
[Download RAW message or body]
The following CVE was assigned for an out-of-bounds write in IPv6
socket buffers.
The bug was found with syzkaller.
* CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux
kernel through 4.11.3 is too late in checking whether an overwrite of
an skb data structure may occur, which allows local users to cause a
denial of service (system crash) via crafted system calls.
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic