Bug 1487295 (CVE-2017-14106) - CVE-2017-14106 kernel: Divide-by-zero in __tcp_select_window
Summary: CVE-2017-14106 kernel: Divide-by-zero in __tcp_select_window
Status: NEW
Alias: CVE-2017-14106
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20170901,repor...
Keywords: Security
Depends On: 1487051 1487061 1487703 1488340 1488341 1488342 1488343 1488344 1488345 1488346 1488347 1488348 1488349
Blocks: 1487299
TreeView+ depends on / blocked
 
Reported: 2017-08-31 14:54 UTC by Adam Mariš
Modified: 2019-02-08 15:01 UTC (History)
47 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:3163 normal SHIPPED_LIVE new packages: kernel-alt 2017-11-09 14:59:25 UTC
Red Hat Product Errata RHSA-2017:2918 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-10-19 17:24:24 UTC
Red Hat Product Errata RHSA-2017:2930 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-10-19 18:47:35 UTC
Red Hat Product Errata RHSA-2017:2931 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-10-19 18:48:35 UTC
Red Hat Product Errata RHSA-2017:3200 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-11-15 01:34:41 UTC
Red Hat Product Errata RHSA-2018:2172 None None None 2018-07-11 15:39 UTC

Description Adam Mariš 2017-08-31 14:54:44 UTC
Divide-by-zero vulnerability was found in __tcp_select_window function which can result into kernel panic causing local denial-of-service if panic_on_oops is enabled.

References:

http://seclists.org/oss-sec/2017/q3/389

https://marc.info/?l=linux-netdev&m=150415901823078

https://www.mail-archive.com/netdev@vger.kernel.org/msg186255.html

https://groups.google.com/forum/#!topic/syzkaller/e4SrsEBEziQ

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8

Comment 1 Adam Mariš 2017-09-01 16:18:46 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1487703]

Comment 3 Wade Mealing 2017-09-05 08:07:03 UTC
Statement:

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.

Comment 8 Justin M. Forbes 2017-09-05 14:19:25 UTC
This bug was fixed upstream in May and is currently fixed included in all supported Fedora releases.

Comment 9 errata-xmlrpc 2017-10-19 13:27:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2918

Comment 10 errata-xmlrpc 2017-10-19 15:07:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2930

Comment 11 errata-xmlrpc 2017-10-19 15:11:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:2931

Comment 13 errata-xmlrpc 2017-11-14 20:39:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:3200 https://access.redhat.com/errata/RHSA-2017:3200

Comment 14 errata-xmlrpc 2018-07-11 15:39:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2018:2172 https://access.redhat.com/errata/RHSA-2018:2172


Note You need to log in before you can comment on or make changes to this bug.