Message ID | 20230811005700.441021-1-cengiz.can@canonical.com |
---|---|
Headers | show |
Series | CVE-2023-1206 | expand |
On 8/10/23 6:56 PM, Cengiz Can wrote: > [Impact] > A hash collision flaw was found in the IPv6 connection lookup table in the > Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood > attack. A user located in the local network or with a high bandwidth connection > can increase the CPU usage of the server that accepts IPV6 connections up to > 95%. > > [Fix] > Cherry picked from upstream to all kernels. > > [Test case] > Compile and boot tested only. > > [Potential regression] > IPv6 users can be affected, however highly unlikely since the fix only improves > an inline hash calculation function. > > Stewart Smith (1): > tcp: Reduce chance of collisions in inet6_hashfn(). > > include/net/ipv6.h | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
Cengiz Can kirjoitti 11.8.2023 klo 3.56: > [Impact] > A hash collision flaw was found in the IPv6 connection lookup table in the > Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood > attack. A user located in the local network or with a high bandwidth connection > can increase the CPU usage of the server that accepts IPV6 connections up to > 95%. > > [Fix] > Cherry picked from upstream to all kernels. > > [Test case] > Compile and boot tested only. > > [Potential regression] > IPv6 users can be affected, however highly unlikely since the fix only improves > an inline hash calculation function. > > Stewart Smith (1): > tcp: Reduce chance of collisions in inet6_hashfn(). > > include/net/ipv6.h | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > applied to oem kernels, thanks
On 11/08/2023 02:56, Cengiz Can wrote: > [Impact] > A hash collision flaw was found in the IPv6 connection lookup table in the > Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood > attack. A user located in the local network or with a high bandwidth connection > can increase the CPU usage of the server that accepts IPV6 connections up to > 95%. > > [Fix] > Cherry picked from upstream to all kernels. > > [Test case] > Compile and boot tested only. > > [Potential regression] > IPv6 users can be affected, however highly unlikely since the fix only improves > an inline hash calculation function. > > Stewart Smith (1): > tcp: Reduce chance of collisions in inet6_hashfn(). > > include/net/ipv6.h | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > Acked-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
On 11.08.23 02:56, Cengiz Can wrote: > [Impact] > A hash collision flaw was found in the IPv6 connection lookup table in the > Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood > attack. A user located in the local network or with a high bandwidth connection > can increase the CPU usage of the server that accepts IPV6 connections up to > 95%. > > [Fix] > Cherry picked from upstream to all kernels. > > [Test case] > Compile and boot tested only. > > [Potential regression] > IPv6 users can be affected, however highly unlikely since the fix only improves > an inline hash calculation function. > > Stewart Smith (1): > tcp: Reduce chance of collisions in inet6_hashfn(). > > include/net/ipv6.h | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > Applied to lunar,jammy,focal:linux/master-next and jammy:linux-hwe-5.19/hwe-5.19-next. Thanks. -Stefan