oss-sec mailing list archives
Re: CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb
From: <cve-assign () mitre org>
Date: Tue, 22 Nov 2016 16:59:43 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
There's a bug in the Linux kernel sctp implementation which allows a remote attacker to trigger a slab-out-of-bounds access with an offset up to 64K bytes. https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 net/sctp/sm_statefuns.c
Use CVE-2016-9555. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYNL8aAAoJEHb/MwWLVhi2cu8P/R47S5O4YTuIR+YcW8hiCkto OGnhhbOWHa7Ts1nl7cXwRhhq2/D8uzjX/5LZsl+ziqrZcWNr9MM0KAXrL79aS79D mGr559SbkLiI0Z66mQy6dZyDx8H/ZuobxMbMc0FJ4vuJUAleiJPpyP+Gf8tFjrkX 597yeMGSKX09+xDeIHIrVUoKvHRP4XhB3/ix4HJ3BiKeQCx3GMHxjJ/mCtVTYS01 KTczF+cof/QJnwq5NdXFPA6zkNNRql9+KJPcJvNBNYUKURGTdDhASBEsqTrOJqrx cu4+plaZh/+9mynU3dEUH5swyFVW80yuHm8aLOjMQTk6N7PQmii8qcCxs+AXXF3v YgJ+EQR2Z7jA7yZtbSiiCnxxX730bHHPTKQhdRcfU5WRtOakdqFw4o/gwPT87+fM gTN4aGTRL7bD2/hlFrGlbF4G3y/sO95iD090TF5R7nu8PLOaiFgMWfhGqh4FX7Zr K28gExzc2LxdMwf2K2yEiGTehouqibWpF3Kos9OeagIqdVsfMUl4Jh1hhn3wKSwn kPi9RIdv0YZlXZZEcPH0UGg9HhpySE+5sXODal/KxmYbYskofSjmeCJRvl4/LbnY ymv3A7+mJ6vCuBQMOtLeQU7UuONKxh90qdNXJvbjyynO1rbOJUPlfqGQ9Dj5xaTT 0ItazodRS8D9fpKt0PAh =u07t -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb Andrey Konovalov (Nov 22)
- Re: CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb cve-assign (Nov 22)