do not inherit ipv6_mc_list from parent in kernel-net-ipv6 CVE-2017-9077

Tracked by Jolla

asked 2017-07-06 15:43:46 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-07-06 15:53:22 +0300

lpr gravatar image

Description
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. CVSS v3 Base Score: 7.8 High local

related to CVE-2017-8890

Patch available upstream.

Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/dccp/ipv6.c lines 499-503; 575-580
kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv6/tcp_ipv6.c lines 1277-1282; 1344-1349

edit retag flag offensive close delete