21 Oct 02:58
Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter
From: Eugene Teo <eteo@...>
Subject: Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter
Newsgroups: gmane.comp.security.oss.general
Date: 2008-10-21 00:58:26 GMT
Subject: Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter
Newsgroups: gmane.comp.security.oss.general
Date: 2008-10-21 00:58:26 GMT
Eugene Teo wrote: > This was committed in upstream kernel recently. > > "[PATCH] sctp: Fix kernel panic while process protocol violation parameter > > Since call to function sctp_sf_abort_violation() need paramter 'arg' > with 'struct sctp_chunk' type, it will read the chunk type and chunk > length from the chunk_hdr member of chunk. But call to > sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's > parameter, it will be passed to sctp_sf_abort_violation(). This may > cause kernel panic." > > Upstream commit: ba0166708ef4da7eeb61dd92bbba4d5a749d6561 > > This is user-triggerable. Ping Steve. This needs a CVE name too. Thanks! Eugene
RSS Feed