[CVE-2011-1080] bridge: netfilter: fix information leak

Andy Whitcroft apw at canonical.com
Tue Jul 26 18:51:19 UTC 2011

	Struct tmp is copied from userspace.  It is not checked whether
	the "name" field is NULL terminated.  This may lead to buffer
	overflow and passing contents of kernel stack as a module name
	to try_then_request_module() and, consequently, to modprobe
	commandline.  It would be seen by all userspace processes.

The fix for this CVE has hit lucid and later via mainline and stable.
Following this email are two patches: one for hardy and lucid/fsl-imx51,
and one for maverick/ti-omap4.  The former is a minor backport due to a
large change in line numbers; the latter is a simple cherry-pick.

Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.
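
The failure mode quoted above, shown as a userspace sketch that is an added example and not part of the original email or the kernel patches it announces. The struct layout, `NAME_LEN`, and all function names are hypothetical, and `memcpy` stands in for the copy from userspace.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32 /* assumed field size, for illustration only */

/* Hypothetical request layout; stands in for a struct filled from userspace. */
struct request {
    char name[NAME_LEN];
    unsigned int flags;
};

/* Bounded length of name; returns NAME_LEN when no NUL exists inside the
 * field, i.e. when an unbounded string read would run into adjacent memory. */
size_t name_len(const struct request *r)
{
    const char *nul = memchr(r->name, '\0', sizeof(r->name));
    return nul ? (size_t)(nul - r->name) : sizeof(r->name);
}

/* Unchecked load: copies the caller's bytes verbatim (models the copy from userspace). */
int load_request(struct request *dst, const void *src, size_t len)
{
    if (len != sizeof(*dst))
        return -1;
    memcpy(dst, src, sizeof(*dst));
    return 0;
}

/* Hardened load: force termination before anything treats name as a C string. */
int load_request_checked(struct request *dst, const void *src, size_t len)
{
    if (load_request(dst, src, len) != 0)
        return -1;
    dst->name[sizeof(dst->name) - 1] = '\0';
    return 0;
}

int main(void)
{
    struct request raw = {0}, out;
    memset(raw.name, 'A', sizeof(raw.name)); /* constructed input: no NUL in name */
    load_request(&out, &raw, sizeof(raw));
    printf("unchecked: len=%zu (NAME_LEN means unterminated)\n", name_len(&out));
    load_request_checked(&out, &raw, sizeof(raw));
    printf("checked:   len=%zu\n", name_len(&out));
    return 0;
}
```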

