[CVE-2011-1598] can: Add missing socket check in can/bcm release.
Andy Whitcroft
apw at canonical.com
Mon Jun 13 10:58:04 UTC 2011
CVE-2011-1598
The bcm_release function in net/can/bcm.c in the Linux kernel
before 2.6.39-rc6 does not properly validate a socket data
structure, which allows local users to cause a denial of service
(NULL pointer dereference) or possibly have unspecified other
impact via a crafted release operation.
This is fixed by the upstream commit below:
commit c6914a6f261aca0c9f715f883a353ae7ff51fe83
Author: Dave Jones <davej at redhat.com>
Date: Tue Apr 19 20:36:59 2011 -0700
can: Add missing socket check in can/bcm release.
We can get here with a NULL socket argument passed from userspace,
so we need to handle it accordingly.
Signed-off-by: Dave Jones <davej at redhat.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
This commit has hit Lucid, Natty, and Oneric via mainline/stable updates.
Hardy is not affected as it does not have the can protocol. Lucid/ec2,
Lucid/mvl-dove, Maverick/mvl-dove, and Lucid/lts-backport-natty have all
received this fix via their parent. Fixes are therefore required for
Lucid/fsl-imx51, Maverick/master, Maverick/ti-omap4, and Natty/ti-omap4.
Following this email is a patch for all of the affected branches, this
is a clean cherry-pick from mainline.
Proposing for Lucid/fsl-imx51, Maverick/master, Maverick/ti-omap4,
and Natty/ti-omap4.
-apw
More information about the kernel-team
mailing list