CVE-2016-10229 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	Yes
Type	Arbitrary code execution
Description	A security has been in found in udp.c in the Linux kernel before 4.5, which allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during the execution of a recv() system call with the MSG_PEEK flag set.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-240	linux	4.4.5-1	4.5-1	Critical	Fixed

References
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191

Notes
Looks like the issue was introduced by 89c22d8, but was prevented in mainline because since 3.19 skb_copy_and_csum_datagram_iovec() is not used in this path anymore, and skb_copy_and_csum_datagram_msg() prevents the problem. However it looks like 89c22d8 was backported to older "stable" kernels without the move to skb_copy_and_csum_datagram_msg() , making them vulnerables.

Notes

Looks like the issue was introduced by 89c22d8, but was prevented in mainline because since 3.19 skb_copy_and_csum_datagram_iovec() is not used in this path anymore, and skb_copy_and_csum_datagram_msg() prevents the problem. However it looks like 89c22d8 was backported to older "stable" kernels without the move to skb_copy_and_csum_datagram_msg() , making them vulnerables.