[CVE A/T] CVE-2018-1130 -- dccp oops
Evgenii Shatokhin
eshatokhin at virtuozzo.com
Wed May 30 11:46:53 UTC 2018
Hi,
On 30.05.2018 13:20, Andy Whitcroft wrote:
> CVE-2018-1130
> It was discovered that a null pointer dereference vulnerability
> existed in the DCCP protocol implementation in the Linux kernel. A
> local attacker could use this to cause a denial of service (system
> crash).
>
> Following this email are patches for artful and trusty, they are both
> clean cherry-picks but differ in context.
>
> Proposing for SRU to artful/linux and trusty/linux.
>
> -apw
>
Please consider backporting the following mainline commit as well:
commit 990ff4d84408fc55942ca6644f67e361737b3d8e
Author: Eric Dumazet <edumazet at google.com>
Date: Thu Nov 3 08:59:46 2016 -0700
ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
If I understand it correctly, it is not present in Artful and Trusty.
Without it, the same reproducer program for CVE-2018-1130 (see
https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94)
could make the kernel call the missing dccp_ipv6_mapped->bind_conflict()
callback, which would result in a crash.
I haven't tried the reproducer in Ubuntu yet, only in RHEL, but the
Ubuntu kernels might be affected too.
Regards,
Evgenii
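As an added illustration that is not part of this thread or of the kernel source, the following C program models the failure class the message describes: a per-address-family ops table whose callback slot was never assigned, so a dispatch through it dereferences NULL. The struct and function names (`af_ops`, `find_missing_callback`, `call_bind_conflict`, the `v6_*` stubs) are hypothetical stand-ins, loosely modelled on the kernel's `inet_connection_sock_af_ops`, not the kernel's own definitions. It shows how an init-time audit of the table catches the gap before any socket path reaches it, and how a dispatcher can refuse rather than crash when a slot is empty.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified ops table (not the kernel's struct). Each slot is
 * a function pointer that protocol code calls through without checking. */
struct af_ops {
    const char *name;
    int (*queue_xmit)(void *sk);
    int (*bind_conflict)(const void *sk, int reuse);
};

/* Stub callbacks standing in for the real IPv6 implementations. */
static int v6_queue_xmit(void *sk) { (void)sk; return 0; }
static int v6_bind_conflict(const void *sk, int reuse) { (void)sk; (void)reuse; return 0; }

/* A complete table: every slot is populated. */
static const struct af_ops dccp_ipv6_af_ops = {
    .name          = "dccp_ipv6_af_ops",
    .queue_xmit    = v6_queue_xmit,
    .bind_conflict = v6_bind_conflict,
};

/* A table mirroring the pre-fix state the thread describes: the
 * bind_conflict slot was never assigned, so it is zero-initialised (NULL). */
static const struct af_ops dccp_ipv6_mapped = {
    .name       = "dccp_ipv6_mapped",
    .queue_xmit = v6_queue_xmit,
    /* .bind_conflict intentionally absent */
};

/* Init-time audit: return the name of the first unset callback, or NULL
 * when the table is complete. Running this over every registered table at
 * module load turns a latent NULL dereference into a loud, early failure. */
const char *find_missing_callback(const struct af_ops *ops)
{
    if (!ops->queue_xmit)    return "queue_xmit";
    if (!ops->bind_conflict) return "bind_conflict";
    return NULL;
}

/* Defensive dispatch: refuse to call through an empty slot instead of
 * dereferencing NULL. Returns 0 on success, -1 if the callback is missing. */
int call_bind_conflict(const struct af_ops *ops, const void *sk, int reuse, int *result)
{
    if (!ops->bind_conflict)
        return -1;
    *result = ops->bind_conflict(sk, reuse);
    return 0;
}

int main(void)
{
    const struct af_ops *tables[] = { &dccp_ipv6_af_ops, &dccp_ipv6_mapped };
    int rc, result = -1;

    for (size_t i = 0; i < sizeof tables / sizeof tables[0]; i++) {
        const char *missing = find_missing_callback(tables[i]);
        if (missing)
            printf("%s: missing callback %s\n", tables[i]->name, missing);
        else
            printf("%s: complete\n", tables[i]->name);
    }

    rc = call_bind_conflict(&dccp_ipv6_mapped, NULL, 0, &result);
    printf("dispatch through dccp_ipv6_mapped: rc=%d\n", rc);
    return 0;
}
```

The audit is the cheap, general check: in a real module it belongs beside the table definitions so that a newly added slot in the struct fails the audit for every table that forgot it, which is exactly the gap the `dccp_ipv6_mapped` fix closes.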