Revision history

Revision 1 (initial version)

posted 2017-09-19 09:35:21 +0300

initialize rcv_mss to TCP_MIN_MSS instead of 0 in kernel-net-ipv4 CVE-2017-14106

The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. CVSS v3 Base Score: 5.5 Medium

Patch is available (upstream patch equal to 3.2-backport, so kernel-3.4-sbj no problem)

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv4/tcp.c lines 2131-2136

initialize rcv_mss to TCP_MIN_MSS instead of 0 in kernel-net-ipv4 CVE-2017-14106

The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. CVSS v3 Base Score: 5.5 Medium

Patch is available (upstream patch equal to 3.2-backport, so kernel-3.4-sbj should be no problem to patch)

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv4/tcp.c lines 2131-2136

initialize rcv_mss to TCP_MIN_MSS instead of 0 in kernel-net-ipv4 CVE-2017-14106

The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. CVSS v3 Base Score: 5.5 Medium

Patch is available (upstream patch equal to 3.2-backport, so kernel-3.4-sbj should be no problem to patch).

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/ipv4/tcp.c lines 2131-2136
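Added example, not part of the original post and not kernel code: a simplified userspace model of why the reset value of rcv_mss matters for the window calculation. The struct and function names are hypothetical; only rcv_mss and TCP_MIN_MSS (88 in the kernel headers) correspond to real kernel identifiers, and the model returns -1 at the point where the kernel would take the divide-by-zero trap.

```c
#include <stdio.h>
#include <string.h>

#define TCP_MIN_MSS 88U  /* same value as the kernel constant of this name */

/* Hypothetical stand-in for the delayed-ACK state kept per TCP socket. */
struct ack_state {
    unsigned int pending;
    unsigned int rcv_mss;   /* receive MSS estimate, used as a divisor below */
};

/* Reset as in the unpatched disconnect path: the whole state is zeroed. */
static void disconnect_unpatched(struct ack_state *a)
{
    memset(a, 0, sizeof(*a));
}

/* Reset with the fix from the title: rcv_mss starts at TCP_MIN_MSS. */
static void disconnect_patched(struct ack_state *a)
{
    memset(a, 0, sizeof(*a));
    a->rcv_mss = TCP_MIN_MSS;
}

/* Simplified window selection: round the free space down to a multiple of
 * rcv_mss. Returns -1 where the real code would divide by zero. */
static long select_window(const struct ack_state *a, unsigned int free_space)
{
    if (a->rcv_mss == 0)
        return -1;
    return (long)(free_space / a->rcv_mss) * a->rcv_mss;
}

int main(void)
{
    struct ack_state a;

    disconnect_unpatched(&a);
    printf("unpatched reset: window = %ld\n", select_window(&a, 4096));

    disconnect_patched(&a);
    printf("patched reset:   window = %ld\n", select_window(&a, 4096));
    return 0;
}
```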