Issue 697819

Issue metadata

Status: WontFix
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security



CrOS: Vulnerability reported in sys-kernel/chromeos-kernel-3_8

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Mar 2 2017

Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: sys-kernel/chromeos-kernel-3_8
Package Version: [cpe:/o:linux:linux_kernel:3.8.11]

Advisory: CVE-2017-5972
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-5972
  CVSS severity score: 7.8/10.0
  Confidence: high
  Description:

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7.


 

Comment 1 by vakh@chromium.org, Mar 2 2017

Components: OS>Kernel
Owner: groeck@chromium.org
Status: Assigned (was: Untriaged)
Possible upstream commits:

531c94a9681b ("tcp: don't include Fast Open option in SYN-ACK on pure SYN-data")
a9b2c06dbef4 ("tcp: mitigate ACK loops for connections as tcp_request_sock")
032ee4236954 ("tcp: helpers to mitigate ACK loops by rate-limiting out-of-window dupacks")
06eb395fa985 ("pkt_sched: fq: better control of DDOS traffic")

Possibly related or at least of interest:

75ff39ccc1bd ("tcp: make challenge acks less predictable")

This problem may be difficult to fix in 3.x kernels. Some background information and possible mitigation:
https://githubengineering.com/syn-flood-mitigation-with-synsanity/

Question to answer is if this really affects us (or, rather, chromeos); it is primarily a problem for systems with fast network connection.

Comment 5 by tsepez@chromium.org, Mar 14 2017

Cc: groeck@chromium.org
Issue 697818 has been merged into this issue.

Comment 6 by tsepez@chromium.org, Mar 14 2017

Labels: M-59 Security_Impact-Stable Security_Severity-Low
Setting severity low since this is DoS, not information disclosure, and impact stable assuming this is in the current chromes. Please correct these labels if I'm mistaken.

Comment 7 by sheriffbot@chromium.org, Mar 15 2017

Labels: -Pri-1 Pri-2

Comment 8 by groeck@chromium.org, Mar 15 2017

Status: WontFix (was: Assigned)
Closing as WontFix, following RedHat's example; see https://access.redhat.com/security/cve/cve-2017-5972 for details.

Comment 9 by sheriffbot@chromium.org, Jun 22 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot