Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 617506 (CVE-2017-2671) - Kernel CVE-2017-2671 ping socket / AF_LLC connect() sin_family race
Summary: Kernel CVE-2017-2671 ping socket / AF_LLC connect() sin_family race
Status: UNCONFIRMED
Alias: CVE-2017-2671
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-04 18:24 UTC by Volkan
Modified: 2017-05-04 18:26 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Volkan 2017-05-04 18:24:17 UTC
A race condition, leading to a NULL pointer dereference, was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to corrupt kernel memory leading to a kernel crash or privilege escalation. 

References:

http://seclists.org/oss-sec/2017/q1/675

CVE assignment:

http://seclists.org/oss-sec/2017/q2/17

Patch:

http://seclists.org/oss-sec/2017/q1/677

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=43a6684519ab0a6c52024b5e25322476cabad893

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43a6684519ab0a6c52024b5e25322476cabad893