| Bug ID | 1011685 |
|---|---|
| Summary | VUL-0: kernel-source: net/sctp: slab-out-of-bounds in sctp_sf_ootb |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.1 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Reference: http://seclists.org/oss-sec/2016/q4/504 ===================================================== Hi, There's a bug in the Linux kernel sctp implementation which allows a remote attacker to trigger a slab-out-of-bounds access with an offset up to 64K bytes. The bug was fixed upstream: https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 More details are here: https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk Could you assign a CVE for this? Thanks! =====================================================