
Bug 489426 (CVE-2013-4470)

Summary: Kernel : net: memory corruption with UDP_CORK and UFO (CVE-2013-4470)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Severity: normal
CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-10-26 06:15:12 UTC
From ${URL} :

A Linux kernel built with an Ethernet driver (e.g. virtio-net) which has the UDP
Fragmentation Offload (UFO) feature ON is vulnerable to a memory corruption flaw
when the UDP_CORK socket option is set. It could occur when sending large messages,
wherein not all messages are greater than the maximum transfer unit (MTU) of the
underlying medium.

An unprivileged user/program could use this flaw to crash the kernel resulting in DoS, or 
potentially escalate their privileges on the system.

Upstream fix:

Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-11-27 21:48:11 UTC
CVE-2013-4470 (
  The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is
  enabled, does not properly initialize certain data structures, which allows
  local users to cause a denial of service (memory corruption and system
  crash) or possibly gain privileges via a crafted application that uses the
  UDP_CORK option in a setsockopt system call and sends both short and long
  packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c
  and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.

Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 15:41:54 UTC
Fixes in 3.11.7 onwards
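
A triage check for the condition this bug describes, added here as an example and not taken from the bug report or the kernel tree: it flags a host only when the kernel release predates 3.11.7 (the fix version given in Comment 2) and `ethtool -k` reports `udp-fragmentation-offload: on`. The function names and sample output are constructed for illustration, and a plain version comparison is an assumption that cannot see vendor backports.

```shell
#!/bin/sh
# Added triage example for CVE-2013-4470; not part of the bug report.

# Return 0 if kernel release $1 (e.g. "3.11.6-gentoo") is older than 3.11.7,
# the first release the bug lists as fixed. Vendor backports are not detected.
kernel_predates_fix() {
    rel=${1%%[-+_]*}                       # 3.11.6-gentoo -> 3.11.6
    old_ifs=$IFS; IFS=.
    set -- $rel                            # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    minor=${minor%%[!0-9]*}; minor=${minor:-0}
    patch=${patch%%[!0-9]*}; patch=${patch:-0}
    [ "$major" -lt 3 ] && return 0
    [ "$major" -gt 3 ] && return 1
    [ "$minor" -lt 11 ] && return 0
    [ "$minor" -gt 11 ] && return 1
    [ "$patch" -lt 7 ]
}

# Return 0 if `ethtool -k` output on stdin reports UFO switched on.
ufo_enabled() {
    grep -Eq '^[[:space:]]*udp-fragmentation-offload:[[:space:]]*on([[:space:]]|$)'
}

# Print a verdict for kernel release $1 and `ethtool -k` output $2.
triage() {
    if ! kernel_predates_fix "$1"; then echo "fixed-kernel"
    elif printf '%s\n' "$2" | ufo_enabled; then echo "exposed"
    else echo "ufo-off"
    fi
}

# Live check: every interface under /sys/class/net against the running kernel.
scan_host() {
    for path in /sys/class/net/*; do
        dev=${path##*/}
        feats=$(ethtool -k "$dev" 2>/dev/null) || continue
        echo "$dev: $(triage "$(uname -r)" "$feats")"
    done
}

# Constructed samples of `ethtool -k` output (not captured from a real host).
SAMPLE_UFO_ON='Features for eth0:
udp-fragmentation-offload: on'
SAMPLE_UFO_OFF='Features for eth0:
udp-fragmentation-offload: off [fixed]'

if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Run it with `--scan` on a live host. On an interface reported as `exposed`, `ethtool -K <dev> ufo off` switches off the offload feature the advisory names as a precondition until the kernel is updated.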