Bug 1663729 (CVE-2019-3701) - CVE-2019-3701 kernel: Missing check in net/can/gw.c:can_can_gw_rcv() allows for crash by users with CAP_NET_ADMIN
Summary: CVE-2019-3701 kernel: Missing check in net/can/gw.c:can_can_gw_rcv() allows f...
Status: NEW
Alias: CVE-2019-3701
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
(Show other bugs)
Version: unspecified
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20181228,repor...
Keywords: Security
Depends On: 1663730
Blocks: 1663768
TreeView+ depends on / blocked
 
Reported: 2019-01-07 03:02 UTC by Sam Fowler
Modified: 2019-01-07 03:06 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Sam Fowler 2019-01-07 03:02:30 UTC
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. Users with CAP_NET_ADMIN can exploit this vulnerability to cause a system crash (general protection fault).


References:

https://bugzilla.suse.com/show_bug.cgi?id=1120386
https://marc.info/?l=linux-netdev&m=154651842302479&w=2

Comment 1 Sam Fowler 2019-01-07 03:02:45 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1663730]


Note You need to log in before you can comment on or make changes to this bug.