Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 618146 (CVE-2017-7308) - kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)
Summary: kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)
Status: RESOLVED FIXED
Alias: CVE-2017-7308
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal critical
Assignee: Gentoo Kernel Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-10 21:18 UTC by GLSAMaker/CVETool Bot
Modified: 2022-03-25 23:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-10 21:18:09 UTC
CVE-2017-7308 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7308):
  The packet_set_ring function in net/packet/af_packet.c in the Linux kernel
  through 4.10.6 does not properly validate certain block-size data, which
  allows local users to cause a denial of service (overflow) or possibly have
  unspecified other impact via crafted system calls.


Fixed via

From 2b6867c2ce76c596676bec7d2d525af525fdc6e2 Mon Sep 17 00:00:00 2001
From: Andrey Konovalov
Date: Wed, 29 Mar 2017 16:11:20 +0200
Subject: [PATCH] net/packet: fix overflow in check for priv area size

Subtracting tp_sizeof_priv from tp_block_size and casting to int
to check whether one is less then the other doesn't always work
(both of them are unsigned ints).

Compare them as is instead.

Also cast tp_sizeof_priv to u64 before using BLK_PLUS_PRIV, as
it can overflow inside BLK_PLUS_PRIV otherwise.

Signed-off-by: Andrey Konovalov
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
Comment 1 Arisu Tachibana Gentoo Infrastructure gentoo-dev 2017-05-11 04:35:48 UTC
List of affected kernels
http://www.securityfocus.com/bid/97234/info
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-05-12 07:09:09 UTC
Details about exploitation can be found here https://googleprojectzero.blogspot.no/2017/05/exploiting-linux-kernel-via-packet.html
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 23:02:15 UTC
Fixed in 4.9.23, 4.11 onward