[CVE-2011-1093] dccp: fix oops on Reset after close

Stefan Bader stefan.bader at canonical.com
Thu Jul 21 14:12:44 UTC 2011

On 21.07.2011 15:59, Andy Whitcroft wrote:
> CVE-2011-1093
> 	The dccp_rcv_state_process function in net/dccp/input.c in the
> 	Datagram Congestion Control Protocol (DCCP) implementation in
> 	the Linux kernel before 2.6.38 does not properly handle packets
> 	for a CLOSED endpoint, which allows remote attackers to cause a
> 	denial of service (NULL pointer dereference and OOPS) by sending
> 	a DCCP-Close packet followed by a DCCP-Reset packet.
> The fix for this has hit lucid and later via mainline and stable.
> Following this are two patches, the first for hardy, the second for
> lucid/fsl-imx51 and maverick/ti-omap4.  I all cases they are a simple
> cherry-pick from the mainline commit as applied to the existing branches;
> hardy differs in context only.
> Proposing for hardy, lucid/fsl-imx51 and maverick/ti-omap4.
> -apw
Acked-by: Stefan Bader <stefan.bader at canonical.com>

More information about the kernel-team mailing list