oss-sec mailing list archives

Re: CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb

From: <cve-assign () mitre org>
Date: Tue, 22 Nov 2016 16:59:43 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

There's a bug in the Linux kernel sctp implementation which allows a
remote attacker to trigger a slab-out-of-bounds access with an offset
up to 64K bytes.

https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk
https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6
net/sctp/sm_statefuns.c


Use CVE-2016-9555.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYNL8aAAoJEHb/MwWLVhi2cu8P/R47S5O4YTuIR+YcW8hiCkto
OGnhhbOWHa7Ts1nl7cXwRhhq2/D8uzjX/5LZsl+ziqrZcWNr9MM0KAXrL79aS79D
mGr559SbkLiI0Z66mQy6dZyDx8H/ZuobxMbMc0FJ4vuJUAleiJPpyP+Gf8tFjrkX
597yeMGSKX09+xDeIHIrVUoKvHRP4XhB3/ix4HJ3BiKeQCx3GMHxjJ/mCtVTYS01
KTczF+cof/QJnwq5NdXFPA6zkNNRql9+KJPcJvNBNYUKURGTdDhASBEsqTrOJqrx
cu4+plaZh/+9mynU3dEUH5swyFVW80yuHm8aLOjMQTk6N7PQmii8qcCxs+AXXF3v
YgJ+EQR2Z7jA7yZtbSiiCnxxX730bHHPTKQhdRcfU5WRtOakdqFw4o/gwPT87+fM
gTN4aGTRL7bD2/hlFrGlbF4G3y/sO95iD090TF5R7nu8PLOaiFgMWfhGqh4FX7Zr
K28gExzc2LxdMwf2K2yEiGTehouqibWpF3Kos9OeagIqdVsfMUl4Jh1hhn3wKSwn
kPi9RIdv0YZlXZZEcPH0UGg9HhpySE+5sXODal/KxmYbYskofSjmeCJRvl4/LbnY
ymv3A7+mJ6vCuBQMOtLeQU7UuONKxh90qdNXJvbjyynO1rbOJUPlfqGQ9Dj5xaTT
0ItazodRS8D9fpKt0PAh
=u07t
-----END PGP SIGNATURE-----

Current thread:

CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb Andrey Konovalov (Nov 22)
- Re: CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb cve-assign (Nov 22)