do not inherit ipv6_mc_list from parent in kernel-net-ipv6 CVE-2017-9077 and do not inherit ipv6_{mc|ac|fl}_list from parent in kernel-net-sctp CVE-2017-9075 and do not inherit ipv6_mc_list from parent in kernel-ipv6-dccp CVE-2017-9076
asked 2017-07-06 15:43:46 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
Description
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVSS v3 Base Score: 7.8 High local
Description
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVSS v3 Base Score: 7.8 High local
Description
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
related to CVE-2017-8890
Patch available upstream. Patch for CVE-2017-9075 available upstream and for kernel-3.2 (both equal, so suitable for our kernel-3.4 too)
Patch for CVE-2017-9076 available upstream and for kernel-3.2 (both equal, so suitable for our kernel-3.4 too)
Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/dccp/ipv6.c lines 499-503; 575-580
kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv6/tcp_ipv6.c lines 1277-1282; 1344-1349
kernel-adaptation-sbj-3.4.108.20161101.1/net/sctp/ipv6.c lines 651-654
added CVE-2017-9075 as it is part of bulletin and fixed in SFOS2.1.1 for p4903 only (together with CVE-2017-9077 and CVE-2017-8890)
lpr ( 2017-10-04 15:54:20 +0200 )edit@lpr Thanks for keeping an eye on all the CVE incidents and your really well documented issues for Sailfish OS.
Nekron ( 2017-11-09 14:04:39 +0200 )edit