Bug 1487295 - (CVE-2017-14106) CVE-2017-14106 kernel: Divide-by-zero in __tcp_select_window
CVE-2017-14106 kernel: Divide-by-zero in __tcp_select_window
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170901,repor...
: Security
Depends On: 1487051 1487061 1487703 1488340 1488341 1488342 1488343 1488344 1488345 1488346 1488347 1488348 1488349
Blocks: 1487299
  Show dependency treegraph
 
Reported: 2017-08-31 10:54 EDT by Adam Mariš
Modified: 2018-07-19 02:33 EDT (History)
49 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:3163 normal SHIPPED_LIVE new packages: kernel-alt 2017-11-09 09:59:25 EST
Red Hat Product Errata RHSA-2017:2918 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-10-19 13:24:24 EDT
Red Hat Product Errata RHSA-2017:2930 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-10-19 14:47:35 EDT
Red Hat Product Errata RHSA-2017:2931 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-10-19 14:48:35 EDT
Red Hat Product Errata RHSA-2017:3200 normal SHIPPED_LIVE Important: kernel security and bug fix update 2017-11-14 20:34:41 EST
Red Hat Product Errata RHSA-2018:2172 None None None 2018-07-11 11:39 EDT

  None (edit)
Description Adam Mariš 2017-08-31 10:54:44 EDT
Divide-by-zero vulnerability was found in __tcp_select_window function which can result into kernel panic causing local denial-of-service if panic_on_oops is enabled.

References:

http://seclists.org/oss-sec/2017/q3/389

https://marc.info/?l=linux-netdev&m=150415901823078

https://www.mail-archive.com/netdev@vger.kernel.org/msg186255.html

https://groups.google.com/forum/#!topic/syzkaller/e4SrsEBEziQ

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8
Comment 1 Adam Mariš 2017-09-01 12:18:46 EDT
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1487703]
Comment 3 Wade Mealing 2017-09-05 04:07:03 EDT
Statement:

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.
Comment 8 Justin M. Forbes 2017-09-05 10:19:25 EDT
This bug was fixed upstream in May and is currently fixed included in all supported Fedora releases.
Comment 9 errata-xmlrpc 2017-10-19 09:27:52 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2918
Comment 10 errata-xmlrpc 2017-10-19 11:07:35 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2930
Comment 11 errata-xmlrpc 2017-10-19 11:11:14 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:2931
Comment 13 errata-xmlrpc 2017-11-14 15:39:24 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:3200 https://access.redhat.com/errata/RHSA-2017:3200
Comment 14 errata-xmlrpc 2018-07-11 11:39:03 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2018:2172 https://access.redhat.com/errata/RHSA-2018:2172

Note You need to log in before you can comment on or make changes to this bug.