FS#39566 : [linux] CVE-2014-2568 net: potential information leak when ubuf backed skbs are skb

FS#39566 - [linux] CVE-2014-2568 net: potential information leak when ubuf backed skbs are skb_zerocopy()ied

Attached to Project: Arch Linux
Opened by Billy Wayne McCann (bwayne) - Friday, 21 March 2014, 12:44 GMT
Last edited by Thomas Bächler (brain0) - Friday, 21 March 2014, 19:03 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Tobias Powalowski (tpowa) Thomas Bächler (brain0)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
net: potential information leak when ubuf backed skbs are skb_zerocopy()ied

MITRE assigned cve CVE-2014-0131 to this issue on Thu, 20 Mar 2014.[0]

An upstream patch is available.[1]

The patch has been attached to this entry.

Resolution:
patch

Additional info:
* package version(s)
3.13.6

[0] http://seclists.org/oss-sec/2014/q1/630
[1] https://lkml.org/lkml/2014/3/20/421

diff1 (4.3 KiB)

This task depends upon

Closed by Thomas Bächler (brain0)
Friday, 21 March 2014, 19:03 GMT
Reason for closing: Not a bug
Additional comments about closing: skb_zerocopy is only a thing in 3.14, does not affect any Arch kernels.

Comment by Florian Pritz (bluewind) - Friday, 21 March 2014, 13:16 GMT

That link has a reply mentioning that the patch (v3) is bugged.

Comment by Billy Wayne McCann (bwayne) - Friday, 21 March 2014, 13:26 GMT

Apologies for not following the replies. Still learning the ropes. (The "patch" mark on oss-security ML was a bit premature, I suppose.)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#39566 - [linux] CVE-2014-2568 net: potential information leak when ubuf backed skbs are skb_zerocopy()ied

Details

Loading...