lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 15 Oct 2020 11:23:53 +0200
From:   Kleber Souza <>
To:     Jakub Kicinski <>
Cc:, Gerrit Renker <>,
        "David S. Miller" <>,
        Thadeu Lima de Souza Cascardo <>,
        "Gustavo A. R. Silva" <>,
        "Alexander A. Klimov" <>,
        Kees Cook <>,
        Eric Dumazet <>,
        Alexey Kodanev <>,,
Subject: Re: [PATCH 2/2] Revert "dccp: don't free ccid2_hc_tx_sock struct in

On 15.10.20 05:42, Jakub Kicinski wrote:
> On Tue, 13 Oct 2020 19:18:49 +0200 Kleber Sacilotto de Souza wrote:
>> From: Thadeu Lima de Souza Cascardo <>
>> This reverts commit 2677d20677314101293e6da0094ede7b5526d2b1.
>> This fixes an issue that after disconnect, dccps_hc_tx_ccid will still be
>> kept, allowing the socket to be reused as a listener socket, and the cloned
>> socket will free its dccps_hc_tx_ccid, leading to a later use after free,
>> when the listener socket is closed.
>> This addresses CVE-2020-16119.
>> Fixes: 2677d2067731 (dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect())
>> Reported-by: Hadar Manor
> Does this person has an email address?

We have received this report via a private Launchpad bug and the submitter
didn't provide any public email address, so we have only their name.

>> Signed-off-by: Thadeu Lima de Souza Cascardo <>
>> Signed-off-by: Kleber Sacilotto de Souza <>

Powered by blists - more mailing lists