fix overflow in check for priv area size & fix overflow in check for tp_frame_nr & fix overflow in check for tp_reserve in kernel-net-packet CVE-2017-7308
asked 2017-10-05 11:07:28 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. 7.8 high
3 upstream Patches available |1| |2| |3| which are equal to the 3.2-backports |1| |2| |3|
SFOS for p4903 already patched in 2.1.1 Jämsänjoki / all other Jolla devices (e.g sbj, tbj, l500d ...) are still missing this patch in 2.1.3 .
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/packet/af_packet.c
howto from project zero
lpr ( 2017-10-05 11:10:50 +0200 )edit