[CVE A/T] CVE-2018-1130 -- dccp oops

Evgenii Shatokhin eshatokhin at virtuozzo.com
Wed May 30 11:46:53 UTC 2018


Hi,

On 30.05.2018 13:20, Andy Whitcroft wrote:
> CVE-2018-1130
>      It was discovered that a null pointer dereference vulnerability
>      existed in the DCCP protocol implementation in the Linux kernel. A
>      local attacker could use this to cause a denial of service (system
>      crash).
> 
> Following this email are patches for artful and trusty, they are both
> clean cherry-picks but differ in context.
> 
> Proposing for SRU to artful/linux and trusty/linux.
> 
> -apw
> 

Please consider backporting the following mainline commit as well:

commit 990ff4d84408fc55942ca6644f67e361737b3d8e
Author: Eric Dumazet <edumazet at google.com>
Date:   Thu Nov 3 08:59:46 2016 -0700

     ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped

If I understand it correctly, it is not present in Artful and Trusty.

Without it, the same reproducer program for CVE-2018-1130 (see 
https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94) 
could make the kernel call the missing dccp_ipv6_mapped->bind_conflict() 
callback, which would result in a crash.

I haven't tried the reproducer in Ubuntu yet, only in RHEL, but the 
Ubuntu kernels might be affected too.

Regards,
Evgenii
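A user-space model of the bug class this reply describes (an ops table whose callback field was left out of its initializer, so the function pointer is NULL when the kernel calls it), written here as an added example; it is not kernel code and not the cherry-picked commit. The `af_ops` struct, `audit_af_ops`, `safe_bind_conflict` and the sample callback are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an address-family ops table with a
 * bind_conflict callback, modelled on the missing
 * dccp_ipv6_mapped->bind_conflict() mentioned above. */
struct af_ops {
    const char *name;
    int (*bind_conflict)(int port);   /* NULL if omitted from the initializer */
};

/* Constructed implementation of the callback. */
static int ipv6_bind_conflict(int port) { return port == 80; }

/* Table "before the fix": bind_conflict is not initialized, so it is NULL. */
static const struct af_ops mapped_ops_before = {
    .name = "dccp_ipv6_mapped (missing callback)",
};

/* Table "after the fix": the callback is filled in. */
static const struct af_ops mapped_ops_after = {
    .name = "dccp_ipv6_mapped (fixed)",
    .bind_conflict = ipv6_bind_conflict,
};

/* Registration-time audit: returns how many required callbacks are NULL.
 * A non-zero result means an unconditional call later would oops. */
int audit_af_ops(const struct af_ops *ops)
{
    int missing = 0;
    if (ops->bind_conflict == NULL)
        missing++;
    return missing;
}

/* Caller that refuses to dereference a NULL callback instead of crashing.
 * Returns -1 when the table is incomplete, else the callback's verdict. */
int safe_bind_conflict(const struct af_ops *ops, int port)
{
    if (ops->bind_conflict == NULL)
        return -1;
    return ops->bind_conflict(port);
}

int main(void)
{
    printf("%s: %d missing\n", mapped_ops_before.name, audit_af_ops(&mapped_ops_before));
    printf("%s: %d missing\n", mapped_ops_after.name, audit_af_ops(&mapped_ops_after));
    return 0;
}
```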