Bug#782515: TCP Fast Open local DoS in some Linux stable branches

To: oss-security <oss-security@lists.openwall.com>
Cc: 782515@bugs.debian.org
Subject: Bug#782515: TCP Fast Open local DoS in some Linux stable branches
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 14 Apr 2015 21:24:19 +0100
Message-id: <[🔎] 1429043059.3211.58.camel@decadent.org.uk>
Reply-to: Ben Hutchings <ben@decadent.org.uk>, 782515@bugs.debian.org

There is a local DoS triggered by use of the TCP Fast Open option,
specific to Linux stable branches, as a result of an incompletely
backported bug fix:

https://bugs.debian.org/782515
http://thread.gmane.org/gmane.linux.network/359588

The 3.16.7-ckt stable branch is definitely affected, and I believe but
haven't tested that the 3.10, 3.12, 3.13.11-ckt and 3.14 branches are
also affected.

Please assign a CVE ID for this.

Ben.

-- 
Ben Hutchings
Editing code like this is akin to sticking plasters on the bleeding stump
of a severed limb. - me, 29 June 1999

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Bug#782515: TCP Fast Open local DoS in some Linux stable branches
  - From: Ben Hutchings <ben@decadent.org.uk>
- Bug#782515: TCP Fast Open local DoS in some Linux stable branches - Linux kernel
  - From: cve-assign@mitre.org

Prev by Date: Bug#782515: [stable regression] tcp: make connect() mem charging friendly
Next by Date: Bug#782561: Buffer overruns in Linux kernel RFC4106 implementation using AESNI
Previous by thread: Bug#782611: linux-image-3.16.0-4-amd64: backlight on, white screen during text mode powersave on Acer Aspire One 725
Next by thread: Bug#782515: TCP Fast Open local DoS in some Linux stable branches
Index(es):
- Date
- Thread