oss-sec mailing list archives
Re: CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 30 Mar 2010 15:38:34 -0400 (EDT)
On Mon, 29 Mar 2010, Eugene Teo wrote:
Upstream commit: http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01
I'm not clear on the role of ipv6 here. The affected code is in ipv4/tcp_input.c and there's no mention of tcp_v6_conn_request() there.
I'm guessing this was fixed in Linux 2.6.20.Arguably this could have been given a 2007 ID, but the patch didn't clearly label the problem as a security issue, so I will treat Eugene's request as the first widely-public disclosure - thus a 2010 date.
Use CVE-2010-1188 - Steve
Current thread:
- CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS) Eugene Teo (Mar 28)
- Re: CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS) Steven M. Christey (Mar 30)
- Re: CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS) Eugene Teo (Mar 30)
- Re: CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS) Steven M. Christey (Mar 30)