path: root/retired/CVE-2016-8645
blob: 1f1158c438dca26499a5708e205659c4d4ae72f8
Description: net: a BUG() statement can be hit in net/ipv4/tcp_input.c
References:
 http://www.spinics.net/lists/stable/msg150470.html
 http://www.spinics.net/lists/netdev/msg403701.html
 http://marc.info/?l=linux-netdev&m=147878925724283&w=2
 http://marc.info/?t=147878927800005&r=1&w=2 # the whole thread
 https://bugzilla.redhat.com/show_bug.cgi?id=1393904
 http://marc.info/?l=linux-netdev&m=147881188232264&w=2
 http://marc.info/?t=147881111500001&r=1&w=2&n=2 # the whole thread
 http://marc.info/?l=linux-netdev&m=147881236332369&w=2 # patch v2
 http://www.spinics.net/lists/netdev/msg403787.html
 http://www.spinics.net/lists/netdev/msg403789.html # patch v2
Notes:
 carnil> Issue introduced with the tcp-fastopen feature. Cf.
 carnil> http://www.openwall.com/lists/oss-security/2016/11/30/3
 carnil> Introduced in 3.6-rc1 with cf60af03ca4e71134206809ea892e49b92a88896
 bwh> Eric Dumazet disputes that tcp-fastopen introduced the issue.
 bwh> Only the specific case found by syzkaller seems to depend on it.
Bugs:
upstream: released (4.9-rc6) [ac6e780070e30e4c35bd395acfe9191e6268bdd3]
3.16-upstream-stable: released (3.16.40) [tcp-take-care-of-truncations-done-by-sk_filter.patch]
3.2-upstream-stable: released (3.2.85) [tcp-take-care-of-truncations-done-by-sk_filter.patch]
sid: released (4.8.11-1) [2b5f22e4f7fd208c8d392e5c3755cea1f562cb98]
3.16-jessie-security: released (3.16.39-1) [bugfix/all/tcp-take-care-of-truncations-done-by-sk_filter.patch]
3.2-wheezy-security: released (3.2.84-1) [bugfix/all/tcp-take-care-of-truncations-done-by-sk_filter.patch]
