On Wed, Aug 02, 2017 at 07:50:14PM +0200, Vladis Dronov wrote:
> The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used
> as an array index. This can lead to an out-of-bound access, kernel lockup and
> DoS. Add a check for the 'dir' value.
>
> This fixes CVE-2017-11600.
>
>
The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used
as an array index. This can lead to an out-of-bound access, kernel lockup and
DoS. Add a check for the 'dir' value.
This fixes CVE-2017-11600.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928
Fixes: 80c9a
