
oss-sec mailing list archives
CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption
From: Marcus Meissner <meissner () suse de>
Date: Thu, 10 Mar 2016 10:25:49 +0100
Hi,
From the P0 team at Google:
https://code.google.com/p/google-security-research/issues/detail?id=758

A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android does not enable this option, but desktop/server distributions and Chrome OS will commonly enable this to allow for containers support or sandboxing.

...

I think this needs a CVE.

Ciao, Marcus
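A host-side check for the precondition the report names (CONFIG_USER_NS=y with unprivileged user namespaces available), as an added example that is not part of the original message. It assumes the kernel config is readable at /boot/config-$(uname -r); the two sysctls exist only on some kernels (user.max_user_namespaces on newer mainline kernels, kernel.unprivileged_userns_clone on Debian/Ubuntu-patched kernels), and the function name and result labels are hypothetical.

```shell
#!/bin/sh
# userns_exposure [ROOT]: report whether unprivileged user namespaces, the
# precondition named in the report, are available on this host.
# ROOT is "/" on a live system; another ROOT lets the logic be run against a
# constructed directory tree. Result labels are made up for this example:
#   not-built     kernel config readable and CONFIG_USER_NS=y absent
#   disabled      user.max_user_namespaces is 0 (nobody can create one)
#   root-only     kernel.unprivileged_userns_clone is 0 (distribution patch)
#   unknown       no runtime restriction seen, build config not readable
#   unprivileged  CONFIG_USER_NS=y and no runtime restriction found
userns_exposure() {
    root=${1:-/}
    root=${root%/}
    cfg="$root/boot/config-$(uname -r)"          # assumed config location
    max="$root/proc/sys/user/max_user_namespaces"
    clone="$root/proc/sys/kernel/unprivileged_userns_clone"

    # Build time: the option the report names.
    if [ -r "$cfg" ] && ! grep -q '^CONFIG_USER_NS=y$' "$cfg"; then
        echo "not-built"
        return 0
    fi
    # Run time: a limit of 0 disables user namespace creation for every user.
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo "disabled"
        return 0
    fi
    # Run time: 0 here restricts creation to privileged users.
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then
        echo "root-only"
        return 0
    fi
    # Without a readable config, CONFIG_USER_NS cannot be confirmed.
    if [ ! -r "$cfg" ]; then
        echo "unknown"
        return 0
    fi
    echo "unprivileged"
}

# Live check of the running host (or of the tree given as the first argument).
userns_exposure "${1:-/}"
```

A result of `unprivileged` means the host meets the precondition described in the report; `disabled` and `root-only` mean that path is closed to unprivileged users at run time.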
Current thread:
- CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Marcus Meissner (Mar 10)
- Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption Steve Beattie (Mar 10)
- Re: CVE Request: Linux Kernel: Linux netfilter IPT_SO_SET_REPLACE memory corruption cve-assign (Mar 13)