CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

Message ID

e637d68ce6f4f94dce8cb30c647e672ebb1f0b7b.1508253970.git.lucien.xin@gmail.com

State

Accepted, archived

Delegated to:

David Miller

Headers

show

Series

\[net\] sctp: do not peel off an assoc from one netns to another one | expand

**Commit Message****Comments**

**Patch**

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index d4730ad..17841ab 100644
\--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4906,6 +4906,10 @@  int sctp\_do\_peeloff(struct sock \*sk, sctp\_assoc\_t id, struct socket \*\*sockp)
 	struct socket \*sock;
 	int err = 0;
 
+	/\* Do not peel off from one netns to another one. \*/
+	if (!net\_eq(current->nsproxy->net\_ns, sock\_net(sk)))
+		return -EINVAL;
+
 	if (!asoc)
 		return -EINVAL;

Headline

CVE-2017-15115: [net] sctp: do not peel off an assoc from one netns to another one

CVE: Latest News