cleanups in sock_setsockopt() in kernel-net CVE-2012-6704

asked 2017-07-20 13:04:45 +0300

this post is marked as community wiki


updated 2017-08-24 09:24:36 +0300


The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. CVSS v3 base score: 7.8 (High); attack vector: local.

Patch available (the kernel-3.5 and kernel-3.2 patches are the same, so no problem for kernel-3.4-sbj)...

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c, lines 577-598; 607-617; 629-636; 981-987; 1017-1023
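To make the "negative values" in the description concrete, here is an added user-space C model of the SO_SNDBUF clamping in sock_setsockopt() before and after the upstream fix. It is not code from the original post or from the kernel; it reproduces the shape of the logic (a signed compare against sysctl_wmem_max followed by `val * 2` with a floor of SOCK_MIN_SNDBUF, versus the fixed version that does the clamps as u32 via min_t()/max_t()). The constants SYSCTL_WMEM_MAX = 212992 and SOCK_MIN_SNDBUF = 2048 are assumed defaults for illustration, and the multiplication wrap is done explicitly in unsigned arithmetic so the model is well-defined C (the kernel itself is built with -fno-strict-overflow). The live probe in main() is a hypothetical check of the running kernel and is not part of the verified model.

```c
#include <stdint.h>
#include <stdio.h>
#include <limits.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed defaults, for illustration only (not read from the kernel). */
#define SYSCTL_WMEM_MAX 212992
#define SOCK_MIN_SNDBUF 2048

/* Model of the kernel's `val * 2` on an int that wraps modulo 2^32. */
static int wrap_double(int val)
{
    return (int)((uint32_t)val * 2u);
}

/* Pre-fix shape: a signed comparison lets a negative `val` through
 * untouched, and `val * 2` can wrap to a huge positive value. */
int sndbuf_old(int val)
{
    if (val > SYSCTL_WMEM_MAX)          /* false for every negative val */
        val = SYSCTL_WMEM_MAX;
    int doubled = wrap_double(val);
    if (doubled < SOCK_MIN_SNDBUF)
        return SOCK_MIN_SNDBUF;
    return doubled;                     /* may be ~2 GiB from a negative request */
}

/* Fixed shape: min_t(u32, ...) / max_t(u32, ...). A negative `val` becomes a
 * very large unsigned number and is clamped to sysctl_wmem_max, so the
 * result can never exceed 2 * SYSCTL_WMEM_MAX. */
int sndbuf_new(int val)
{
    uint32_t v = (uint32_t)val;
    if (v > SYSCTL_WMEM_MAX)
        v = SYSCTL_WMEM_MAX;
    uint32_t doubled = v * 2u;
    if (doubled < SOCK_MIN_SNDBUF)
        doubled = SOCK_MIN_SNDBUF;
    return (int)doubled;
}

/* Hypothetical live check: ask the running kernel what it stores for a
 * negative SO_SNDBUF request on an unprivileged UDP socket. Returns -1 on
 * error. Whether the kernel clamps is environment-dependent. */
int live_kernel_sndbuf(int requested)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int got = -1;
    socklen_t len = sizeof(got);
    if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &requested, sizeof(requested)) < 0 ||
        getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &got, &len) < 0)
        got = -1;
    close(fd);
    return got;
}

int main(void)
{
    /* Constructed sample requests: normal, oversized, -1, and a negative
     * value chosen so that val * 2 wraps to INT_MAX - 1. */
    const int samples[] = { 4096, 1000000, -1, INT_MIN / 2 - 1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("val=%11d  old=%11d  new=%11d\n",
               samples[i], sndbuf_old(samples[i]), sndbuf_new(samples[i]));
    printf("live kernel, SO_SNDBUF=-1 -> %d\n", live_kernel_sndbuf(-1));
    return 0;
}
```

The interesting row is INT_MIN/2 - 1: the pre-fix model hands back 2147483646 for a negative request, while the fixed model clamps it to 2 * SYSCTL_WMEM_MAX like any oversized value. Treating the size as u32 before comparing is the whole fix; on a real device, compare what live_kernel_sndbuf() reports against the two models to see which behaviour the kernel exhibits.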


Comments

Could you rather post all that on the devel ML? I think you are polluting TJC a bit here :/

Sthocs ( 2017-08-10 13:11:49 +0300 )

I disagree. TJC is, among other things, for bugreports too. I, for one, am interested in reading about unpatched vulnerabilities in my phone (even though copypasting them here won't motivate the dev team to address them any sooner).

Also, this guy even posts them as "wikis" to avoid getting karma!

ScumCoder ( 2017-08-10 16:01:48 +0300 )

@Sthocs, I think the ML & jolla-security-email are the right places for vulnerabilities in Jolla code (e.g. libhybris), not for publicly available kernel patches... The ML would make most sense for developing patches together with the community.

lpr ( 2017-08-11 10:56:18 +0300 )

@ScumCoder, I disagree: it will motivate the dev team to patch vulnerabilities at all. I don't think the bunch of kernel fixes in 2.1.1/jämsänjoki would have happened in this amount without copy-pasted vulnerability reports in TJC.

lpr ( 2017-08-11 11:02:04 +0300 )

Fair enough, then a single post with the whole list like before was probably ok too. (I also don't think it will "motivate" devs to address them sooner, but they will definitely use the list when they work on it!)

Sthocs ( 2017-08-15 00:57:42 +0300 )