oss-sec mailing list archives

Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service


From: Hannes Frederic Sowa <hannes () stressinduktion org>
Date: Fri, 11 Dec 2015 18:47:35 +0100

Hello,

On 11.12.2015 17:41, cve-assign () mitre org wrote:
net/ipv4/af_inet.c
inet_autobind

if (sk->sk_prot->get_port(sk, 0)) {

if the sk->sk_prot->get_port is NULL

[ an unanticipated condition ]

Solution:
if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0)) {

From: Hannes Frederic Sowa <hannes () stressinduktion org>
Date: Wed, 9 Dec 2015 15:31:32 +0100

I fear your solution
just papers over the bug and will leave the port in a half initialized
state.

Use CVE-2015-8543 for the originally identified bug. We realize that,
for example,
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c
has not yet been changed. If Linux kernel developers determine that
multiple independent bugs result in situations where
sk->sk_prot->get_port is NULL above, then it is possible that
additional CVE IDs will be assigned later.

I have a fix in my queue and will push it to stable soon. Thanks again for
this report!

Bye,
Hannes
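As an added illustration of the point Hannes makes above (example code written for this page, not from the thread or from the kernel tree): a small user-space model of inet_autobind() with the reporter's NULL guard. The struct layout and the fall-through assignment of inet_sport from inet_num are assumptions modelled on the kernel function; with get_port NULL the guarded path no longer crashes, but reports success while inet_num is still 0, so no port was ever reserved.

```c
/* Added example, not code from the thread or the kernel: a user-space
 * model of inet_autobind() with the guard proposed in the report. The
 * fall-through to inet_sport is an assumption modelled on the kernel. */
#include <stdio.h>
#include <errno.h>
#include <arpa/inet.h>

struct sock;
struct proto { int (*get_port)(struct sock *sk, unsigned short snum); };
struct sock {
    struct proto *sk_prot;
    unsigned short inet_num;   /* local port, host order; 0 = not bound yet */
    unsigned short inet_sport; /* local port, network order */
};

/* Constructed stand-in for a protocol that does implement get_port. */
static int fake_get_port(struct sock *sk, unsigned short snum)
{
    sk->inet_num = snum ? snum : 40000; /* pretend an ephemeral port */
    return 0;
}

/* The report's proposed fix: guard the pointer, leave the rest as-is. */
static int inet_autobind_guarded(struct sock *sk)
{
    if (!sk->inet_num) {
        if (sk->sk_prot->get_port && sk->sk_prot->get_port(sk, 0))
            return -EAGAIN;
        /* Reached with get_port == NULL too: inet_num is still 0. */
        sk->inet_sport = htons(sk->inet_num);
    }
    return 0;
}

/* Port a fresh socket ends up with after the guarded autobind, or -1 if
 * autobind reported failure. 0 means "success" with no port reserved. */
static int guarded_autobind_port(int have_get_port)
{
    struct proto p = { have_get_port ? fake_get_port : NULL };
    struct sock sk = { &p, 0, 0 };
    if (inet_autobind_guarded(&sk) != 0)
        return -1;
    return sk.inet_num;
}
int main(void)
{
    printf("get_port set: port %d; get_port NULL: port %d (no crash, no port)\n",
           guarded_autobind_port(1), guarded_autobind_port(0));
    return 0;
}
```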
