APPLIED [OEM-6.0/OEM-6.1] Re: [SRU Focal/Jammy/HWE-5.19/OEM-6.0/OEM-6.1/Lunar 0/1] CVE-2023-1206
Timo Aaltonen
tjaalton at ubuntu.com
Tue Aug 22 10:36:35 UTC 2023
Cengiz Can kirjoitti 11.8.2023 klo 3.56:
> [Impact]
> A hash collision flaw was found in the IPv6 connection lookup table in the
> Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood
> attack. A user located in the local network or with a high bandwidth connection
> can increase the CPU usage of the server that accepts IPV6 connections up to
> 95%.
>
> [Fix]
> Cherry picked from upstream to all kernels.
>
> [Test case]
> Compile and boot tested only.
>
> [Potential regression]
> IPv6 users can be affected, however highly unlikely since the fix only improves
> an inline hash calculation function.
>
> Stewart Smith (1):
> tcp: Reduce chance of collisions in inet6_hashfn().
>
> include/net/ipv6.h | 8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
applied to oem kernels, thanks
--
t
More information about the kernel-team
mailing list