CVE-2017-7308: [net,v2,1/3] net/packet: fix overflow in check for priv area size

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
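The signedness error named in the description, modelled in user space as an added example (not code from the kernel or from the patch author): the pre-patch and patched size comparisons from `packet_set_ring`, run over constructed sample values. The 48-byte header length, the 8-byte alignment and all helper names are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed for this model: 48-byte block header, 8-byte alignment. */
#define BLK_HDR_LEN 48u

/* 32-bit BLK_PLUS_PRIV; the old check's (int) cast keeps only the low 32 bits. */
static uint32_t blk_plus_priv32(uint32_t priv)
{
    return BLK_HDR_LEN + ((priv + 7u) & ~7u);
}

/* BLK_PLUS_PRIV on a u64 operand, as in the patched check: no wrap. */
static uint64_t blk_plus_priv64(uint64_t priv)
{
    return BLK_HDR_LEN + ((priv + 7u) & ~(uint64_t)7);
}

/* Pre-patch test; nonzero means the request is rejected. */
static int old_check_rejects(uint32_t block_size, uint32_t priv)
{
    return (int)(block_size - blk_plus_priv32(priv)) <= 0;
}

/* Patched test; nonzero means the request is rejected. */
static int new_check_rejects(uint32_t block_size, uint32_t priv)
{
    return block_size <= blk_plus_priv64(priv);
}

/* Constructed samples: {tp_block_size, tp_sizeof_priv}. */
static const uint32_t samples[][2] = {
    {4096, 0}, {4096, 8192}, {4096, 0xC0000000u}, {4096, 0xFFFFFFF8u},
};

/* Number of samples the old check accepts but the patched one rejects. */
static int count_missed_by_old_check(void)
{
    int missed = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        missed += !old_check_rejects(samples[i][0], samples[i][1]) &&
                  new_check_rejects(samples[i][0], samples[i][1]);
    return missed;
}

int main(void)
{
    printf("missed by old check: %d\n", count_missed_by_old_check());
    return 0;
}
```

The two checks agree on the ordinary cases and differ only where the private-area size is large enough that the subtraction result reads as a positive `int`.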

Message ID

56da2aa1dec51c258eb25693ed87e4de72413463.1490796500.git.andreyknvl@google.com

State

Accepted, archived

Delegated to:

David Miller

Patch

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index a0dbe7ca8f72…2323ee35dc09 100644 — a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -4193,8 +4193,8 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, if (unlikely(!PAGE_ALIGNED(req->tp_block_size))) goto out; if (po->tp_version >= TPACKET_V3 && - (int)(req->tp_block_size - - BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)

  •       req->tp\_block\_size <=
    
  •         BLK\_PLUS\_PRIV((u64)req\_u->req3.tp\_sizeof\_priv))
          goto out;
      if (unlikely(req->tp\_frame\_size < po->tp\_hdrlen +
                  po->tp\_reserve))
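
Review bot: The `(u64)` cast on the argument in the new condition `req->tp_block_size <= BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv)` is what makes the check safe, and nothing in the hunk documents that. The macro body is not part of this diff, so a reader cannot tell from these lines that the cast is there to keep the sum from wrapping, and a later cleanup could drop it as redundant. Please add a one-line comment above the condition stating that the operand is widened so the private-area size cannot overflow the comparison. It would also be worth considering an explicit upper bound on `tp_sizeof_priv` next to this test, so the validation does not depend on how the macro evaluates its argument.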
