FS#39566 - [linux] CVE-2014-2568 net: potential information leak when ubuf backed skbs are skb_zerocopy()ied

Attached to Project: Arch Linux
Opened by Billy Wayne McCann (bwayne) - Friday, 21 March 2014, 12:44 GMT
Last edited by Thomas Bächler (brain0) - Friday, 21 March 2014, 19:03 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Tobias Powalowski (tpowa)
Thomas Bächler (brain0)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
net: potential information leak when ubuf backed skbs are skb_zerocopy()ied

MITRE assigned cve CVE-2014-0131 to this issue on Thu, 20 Mar 2014.[0]

An upstream patch is available.[1]

The patch has been attached to this entry.

Resolution:
patch

Additional info:
* package version(s)
3.13.6


[0] http://seclists.org/oss-sec/2014/q1/630
[1] https://lkml.org/lkml/2014/3/20/421
   diff1 (4.3 KiB)
This task depends upon

Closed by  Thomas Bächler (brain0)
Friday, 21 March 2014, 19:03 GMT
Reason for closing:  Not a bug
Additional comments about closing:  skb_zerocopy is only a thing in 3.14, does not affect any Arch kernels.
Comment by Florian Pritz (bluewind) - Friday, 21 March 2014, 13:16 GMT
That link has a reply mentioning that the patch (v3) is bugged.
Comment by Billy Wayne McCann (bwayne) - Friday, 21 March 2014, 13:26 GMT
Apologies for not following the replies. Still learning the ropes. (The "patch" mark on oss-security ML was a bit premature, I suppose.)

Loading...