Vladis Dronov
2018-08-27 09:25:15 UTC
Heololo,
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4.
A crafted network packet sent remotely by an attacker may force the kernel to enter
an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading
to a denial-of-service.
All the kernels with the cipso_v4_optptr() function which have not backported
the upstream commit 40413955ee26 are vulnerable.
Thanks to Yves Younan from Cisco for mentioning this.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1622404
Upstream Patch introduced the flaw:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f81f0154e4bf002be6f4d85668ce1257efa4d9
Upstream Patch fixed the flaw:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4.
A crafted network packet sent remotely by an attacker may force the kernel to enter
an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading
to a denial-of-service.
All the kernels with the cipso_v4_optptr() function which have not backported
the upstream commit 40413955ee26 are vulnerable.
Thanks to Yves Younan from Cisco for mentioning this.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1622404
Upstream Patch introduced the flaw:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04f81f0154e4bf002be6f4d85668ce1257efa4d9
Upstream Patch fixed the flaw:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer