[CVE-2010-3873] memory corruption in X.25 facilities parsing
Andy Whitcroft
apw at canonical.com
Tue Oct 4 10:58:06 UTC 2011
CVE-2010-3873
The X.25 implementation in the Linux kernel before 2.6.36.2 does
not properly parse facilities, which allows remote attackers to
cause a denial of service (heap memory corruption and panic)
or possibly have unspecified other impact via malformed (1)
X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to
net/x25/x25_facilities.c and net/x25/x25_in.c, a different
vulnerability than CVE-2010-4164.
It seems that this fix was applied correctly to all branches except
for maverick/ti-omap4. Following this email is a direct cherry-pick
from mainline containing the same fix as already applied elsewhere.
Proposing for maverick/ti-omap4.
-apw