[CVE-2011-2213] inet_diag: fix inet_diag_bc_audit()
Andy Whitcroft
apw at canonical.com
Wed Sep 14 15:51:14 UTC 2011
CVE-2011-2213
The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the
Linux kernel before 2.6.39.3 does not properly audit INET_DIAG
bytecode, which allows local users to cause a denial of service
(kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE
instructions in a netlink message, as demonstrated by an
INET_DIAG_BC_JMP instruction with a zero yes value, a different
vulnerability than CVE-2010-3880.
The patch for this issue has hit lucid, and oneiric via mainline and
stable. Following this email is a patch which fixes this for hardy,
lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
This is a simple cherry-pick from the mainline fix; it can be noted the
code is identical between hardy and oneiric for this routine.
Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
and natty/ti-omap4.
-apw
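
The CVE text above turns on a bytecode auditor that accepts a jump whose `yes` offset is zero. The following userspace C model is an added example, not code from this message or from the kernel. It shows the kind of forward-progress check such an auditor needs. The `bc_op` layout, the opcode numbers and the bounds chosen for `no` are simplifying assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified op (assumed layout): offsets are bytes from the current op. */
struct bc_op {
    uint8_t  code;
    uint8_t  yes;   /* offset to the next op when the condition holds */
    uint16_t no;    /* offset to the next op when it does not */
};
enum { BC_NOP = 0, BC_JMP = 1 };   /* hypothetical opcode numbers */

/* Returns 0 if every offset moves forward, is 4-byte aligned and stays in
 * bounds, -1 otherwise. Since 'yes' must cover at least one op, each pass
 * strictly shrinks 'len', so the walk always terminates. */
int bc_audit(const uint8_t *bc, size_t len)
{
    while (len > 0) {
        struct bc_op op;

        if (len < sizeof(op))
            return -1;                    /* truncated op */
        memcpy(&op, bc, sizeof(op));      /* avoid unaligned reads */
        if (op.code != BC_NOP && op.code != BC_JMP)
            return -1;                    /* unknown opcode */
        /* Key check: a zero or undersized 'yes' would never advance. */
        if (op.yes < sizeof(op) || (op.yes & 3) || op.yes > len)
            return -1;
        if (op.code == BC_JMP &&
            (op.no < sizeof(op) || (op.no & 3) || op.no > len))
            return -1;
        bc  += op.yes;
        len -= op.yes;
    }
    return 0;
}

/* Constructed sample: two well-formed ops, accepted by the audit. */
int audit_sample_valid(void)
{
    struct bc_op prog[] = { { BC_NOP, 4, 0 }, { BC_JMP, 4, 4 } };
    return bc_audit((const uint8_t *)prog, sizeof(prog));
}

/* Constructed sample: a jump with a zero 'yes' value, rejected. */
int audit_sample_zero_yes(void)
{
    struct bc_op prog[] = { { BC_JMP, 0, 4 } };
    return bc_audit((const uint8_t *)prog, sizeof(prog));
}
int main(void) { return audit_sample_valid() == 0 && audit_sample_zero_yes() == -1 ? 0 : 1; }
```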