Bug ID | 1011685 |
---|---|
Summary | VUL-0: kernel-source: net/sctp: slab-out-of-bounds in sctp_sf_ootb |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.1 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | mikhail.kasimov@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Reference: http://seclists.org/oss-sec/2016/q4/504 ===================================================== Hi, There's a bug in the Linux kernel sctp implementation which allows a remote attacker to trigger a slab-out-of-bounds access with an offset up to 64K bytes. The bug was fixed upstream: https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 More details are here: https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk Could you assign a CVE for this? Thanks! =====================================================