A flaw was found in the Linux kernel which allows remote attackers to crash the system or corrupt kernel memory, possibly leading to arbitrary code execution, via UDP traffic that triggers an unsafe second checksum calculation during the execution of a recv system call with the MSG_PEEK flag.

Upstream patch:
https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191

References:
http://source.android.com/security/bulletin/2017-04-01.html
CVE-2016-10229: udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
Fixed in:
>=sys-kernel/gentoo-sources-4.4.21
>=sys-kernel/gentoo-sources-3.12.53
>=sys-kernel/gentoo-sources-3.10.103
>=sys-kernel/gentoo-sources-3.4.113
>=sys-kernel/gentoo-sources-3.2.76

Patch is currently missing in gentoo-sources-4.1.x (already reported, https://www.spinics.net/lists/stable/msg167671.html)
Released in gentoo-sources-4.1.39-r1

commit b8d213a1983935e8741527f7a87ff63f1a44e648
Author: Mike Pagano <mpagano@gentoo.org>
Date:   Fri Apr 14 15:17:28 2017 -0400

    Fix for CVE-2016-10229. Unsafe second checksum calculation in udp.c.
    See bug #615480.
*** Bug 616922 has been marked as a duplicate of this bug. ***
Mask sys-kernel/vanilla-sources-4.1.39

commit 9f7aab68a74249534e48c2745b9f480f427859d1
Author:     Alice Ferrazzi <alicef@gentoo.org>
AuthorDate: Sat Apr 29 14:54:44 2017 +0100
Commit:     Alice Ferrazzi <alicef@gentoo.org>
CommitDate: Sat Apr 29 14:54:44 2017 +0100

    profiles/: Mask sys-kernel/vanilla-sources-4.1.39.
Fix in 4.5
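
An added example, not part of the bug thread or of any Gentoo tooling: a shell function that classifies a gentoo-sources version against the fixed releases listed in the comments above. The function name, the table layout and the `unlisted` result for pre-4.5 branches the thread does not mention are assumptions of this example.

```shell
#!/bin/sh
# Minimum fixed release per stable branch, as "branch:patch:revision",
# copied from the thread (4.1 was fixed in gentoo-sources-4.1.39-r1).
FIXED_BRANCHES="3.2:76:0 3.4:113:0 3.10:103:0 3.12:53:0 4.1:39:1 4.4:21:0"

# Print fixed, affected, unlisted or invalid for a version such as
# 4.4.21, 4.1.39-r1 or the uname -r form 4.1.39-gentoo-r1.
cve_2016_10229_status() {
    base=${1%%-*}                       # 4.1.39-gentoo-r1 -> 4.1.39
    case $1 in
        *-r[0-9]*) rev=${1##*-r} ;;     # ebuild revision, if present
        *)         rev=0 ;;
    esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;                 # two-component version such as 4.5
    esac
    # Reject anything that did not parse into plain decimal fields.
    for n in "$major" "$minor" "$patch" "$rev"; do
        case $n in
            ''|*[!0-9]*) echo invalid; return 1 ;;
        esac
    done
    # The thread gives 4.5 as the first mainline release with the fix.
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 5 ]; }; then
        echo fixed; return 0
    fi
    for entry in $FIXED_BRANCHES; do
        branch=${entry%%:*}
        fpatch=${entry#*:}; frev=${fpatch#*:}; fpatch=${fpatch%%:*}
        [ "$branch" = "$major.$minor" ] || continue
        if [ "$patch" -gt "$fpatch" ] ||
           { [ "$patch" -eq "$fpatch" ] && [ "$rev" -ge "$frev" ]; }; then
            echo fixed
        else
            echo affected
        fi
        return 0
    done
    echo unlisted   # older than 4.5 and no fixed release recorded in the thread
}
```

Source the file and call `cve_2016_10229_status "$(uname -r)"` on a host; `unlisted` means the branch needs to be checked by hand against the upstream commit.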