fix overflow in check for priv area size & fix overflow in check for tp_frame_nr & fix overflow in check for tp_reserve in kernel-net-packet CVE-2017-7308

Tracked by Jolla

asked 2017-10-05 11:07:28 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-12-20 00:41:59 +0200

lpr gravatar image

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. 7.8 high

3 upstream Patches available |1| |2| |3| which are equal to the 3.2-backports |1| |2| |3|

SFOS for p4903 already patched in 2.1.1 Jämsänjoki / all other Jolla devices (e.g sbj, tbj, l500d ...) are still missing this patch in 2.1.3 .

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/packet/af_packet.c

edit retag flag offensive close delete

Comments

howto from project zero

lpr ( 2017-10-05 11:10:50 +0200 )edit