[PATCH 00/11] [lucid/master] CVE-2010-4251 v2

Paolo Pisati paolo.pisati at canonical.com
Mon Jul 11 16:03:37 UTC 2011

On 07/11/2011 05:23 PM, Tim Gardner wrote:
> While researching these patches I stumbled across some further analysis
> of this vulnerability by Eugene Teo at
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
> includes a 2.6.35 patch from Eric Duzamet which really, really fixes the
> problem.

you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
account")? saw that, and is handled in another CVE in our db
(CVE-2010-4805), so i wanted to issue a subsequent pull.

> If we're gonna wreak this level of havoc on the network layer, then we

and you didn't see what it takes to make it to hardy...


More information about the kernel-team mailing list