Bugzilla – Bug 822583
VUL-0: kernel: CVE-2013-2128: oops from tcp_collapse() when using splice(2)
Last modified: 2013-05-31 12:23:36 UTC
Public via oss-security.

Date: Thu, 30 May 2013 00:40:49 +0530 (IST)
From: P J P
Subject: [oss-security] CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2)

Hello,

Linux kernel which supports splice(2) call to move data across file/socket descriptors via a pipe buffers, is vulnerable to a kernel crash that occurs while calling splice(2) over a tcp socket which in turn calls tcp_read_sock().

A user/program could use this flaw to cause system crash, resulting in DoS.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B
According to jbohac: "splice, where the socket is unlocked and locked again, only came in 2.6.25" So it seems that only SLE11-SP1 one is affected. But that tree already has the fix from the stable update (patches.kernel.org/patch-2.6.32.22-23). So there is nothing to do here I guess.
Confirmed also that SLES 11 SP2 already has the good fix included (via 3.0 or earlier). So no products affected, was fixed upstream in time. :)