CVE-2018-25062: ipsec: Fix aborted xfrm policy dump crash · flar2/ElementalX-N9@1df72c9
A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x. It affects the function xfrm_dump_policy_done in the file net/xfrm/xfrm_user.c of the ipsec component. The manipulation leads to denial of service. Upgrading to version 7.00 addresses this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152.
ipsec: Fix aborted xfrm policy dump crash
An independent security researcher, Mohamed Ghannam, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
The xfrm_dump_policy_done function expects xfrm_dump_policy to have been called at least once or it will crash. This can be triggered if a dump fails because the target socket’s receive buffer is full.
This patch fixes it by using the cb->start mechanism to ensure that the initialisation is always done regardless of the buffer situation.
Change-Id: Id41cdd41c4e43e0c3ac30c5d03c15b8046d70845
Fixes: 12a169e (“ipsec: Put dumpers on the dump list”)
Signed-off-by: Herbert Xu [email protected]
Signed-off-by: Steffen Klassert [email protected]
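The callback ordering the commit message describes, as a user-space model added here (not code from the commit or the kernel). All type and function names are hypothetical, and a return of `-1` marks the point where the unpatched teardown would touch state that was never initialised.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; every name below is hypothetical, not a kernel symbol. */
struct walk { struct walk *prev, *next; };
struct dump_cb {
    int (*start)(struct dump_cb *cb);  /* optional: runs once, before any dump */
    int (*dump)(struct dump_cb *cb);
    int (*done)(struct dump_cb *cb);
    struct walk walk;                  /* stays zeroed until initialised */
    bool init_seen;                    /* "first dump call" flag (before-fix) */
};
static void walk_init(struct walk *w) { w->prev = w->next = w; }
/* Unlink the walker. The model returns -1 where unchecked code would
 * dereference list pointers that were never set up. */
static int walk_done(struct walk *w) {
    if (!w->prev || !w->next) return -1;
    w->prev->next = w->next;
    w->next->prev = w->prev;
    return 0;
}
/* Before: initialisation happens lazily inside the first dump call. */
static int dump_lazy(struct dump_cb *cb) {
    if (!cb->init_seen) { walk_init(&cb->walk); cb->init_seen = true; }
    return 0;
}
/* After: initialisation moves to start, so it no longer depends on dump. */
static int start_init(struct dump_cb *cb) { walk_init(&cb->walk); return 0; }
static int dump_plain(struct dump_cb *cb) { (void)cb; return 0; }
static int done_cb(struct dump_cb *cb) { return walk_done(&cb->walk); }
/* Simplified dump lifecycle: start (if set), dump unless the receive
 * buffer is full, then done when the dump is torn down. */
static int run_dump(struct dump_cb cb, bool rcvbuf_full) {
    if (cb.start) cb.start(&cb);
    if (!rcvbuf_full) cb.dump(&cb);
    return cb.done(&cb);
}
int lazy_result(bool rcvbuf_full) {
    struct dump_cb cb = { .dump = dump_lazy, .done = done_cb };
    return run_dump(cb, rcvbuf_full);
}
int start_result(bool rcvbuf_full) {
    struct dump_cb cb = { .start = start_init, .dump = dump_plain, .done = done_cb };
    return run_dump(cb, rcvbuf_full);
}
int main(void) {
    printf("lazy init, full buffer:  %d\n", lazy_result(true));
    printf("start init, full buffer: %d\n", start_result(true));
    return 0;
}
```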