[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Linux kernel: fixed bug in net/core/flow_dissector.c
From:       Alexander Popov <alex.popov () linux ! com>
Date:       2017-08-29 9:46:24
Message-ID: 50169957-6b4a-9e6e-e8d2-8e09918e6cbc () linux ! com
[Download RAW message or body]

On 24.08.2017 21:03, Seth Arnold wrote:
> On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote:
>> I was asked to investigate a suspicious kernel crash on some Linux
>> server. It is at least a remote DoS (and maybe RCE): Linux is crashed by
>> receiving a single special MPLS packet.
>>
>> I bisected and found out that the bug was introduced in
>> commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13
>> And was later fixed it in
>> commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0
> 
>> Is it worth requesting a CVE ID for that issue?
> 
> I think it is, it's an easy way to make sure all downstream consumers
> are alerted to the issue.

I've requested a CVE ID at https://cveform.mitre.org/ and got
CVE-2017-13715 for this issue.

Best regards,
Alexander
[prev in list] [next in list] [prev in thread] [next in thread]