cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
asked 2017-07-20 13:04:45 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.
CVSS v3 Base Score: 7.8 high (attack range: local)
Patch is available (kernel-3.5 and kernel-3.2 patches are equal, so no problem for kernel-3.4-sbj)...
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c, lines 577-598; 607-617; 629-636; 981-987; 1017-1023
Could you rather post all that on the devel ML? I think you are a bit polluting TJC here :/
Sthocs ( 2017-08-10 13:11:49 +0200 )

I disagree. TJC is, among other things, for bug reports too. I, for one, am interested in reading about unpatched vulnerabilities in my phone (even though copypasting them here won't motivate the dev team to address them any sooner).
Also, this guy even posts them as "wikis" to avoid getting karma!
ScumCoder ( 2017-08-10 16:01:48 +0200 )

@Sthocs, I think ML & jolla-security-email are the right place for vulnerabilities in jolla-code (e.g. libhybris) not for public-available kernel-patches... ML would make most sense in development of patches together with community
lpr ( 2017-08-11 10:56:18 +0200 )

@ScumCoder, I disagree: It will motivate dev team to patch vulnerabilities at all. I don't think the bunch of kernel-fixes in 2.1.1/jämsänjoki would have happened in this amount without copy-pasted vulnerability reports in TJC
lpr ( 2017-08-11 11:02:04 +0200 )

Fair enough, then a single post with the whole list like before was probably ok too. (I also don't think it will "motivate" devs to address them sooner, but they will definitely use the list when they work on it!)
Sthocs ( 2017-08-15 00:57:42 +0200 )