APPLIED: [CVE-2011-2213] inet_diag: fix inet_diag_bc_audit()
tim.gardner at canonical.com
Wed Sep 14 17:20:35 UTC 2011
On 09/14/2011 09:51 AM, Andy Whitcroft wrote:
> The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the
> Linux kernel before 220.127.116.11 does not properly audit INET_DIAG
> bytecode, which allows local users to cause a denial of service
> (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE
> instructions in a netlink message, as demonstrated by an
> INET_DIAG_BC_JMP instruction with a zero yes value, a different
> vulnerability than CVE-2010-3880.
> The patch for this issue has hit lucid, and oneiric via mainline and
> stable. Following this email is a patch which fixes this for hardy,
> lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
> This is a simple cherry-pick from the mainline fix; it can be noted the
> code is identical between hardy and oneiric for this routine.
> Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
> and natty/ti-omap4.
Tim Gardner tim.gardner at canonical.com
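
Added example, not part of the original message or of the kernel patch: a simplified userspace model of a bytecode audit in which every instruction, jumps included, must advance the cursor, so a zero `yes` is rejected instead of stalling the walk. The struct layout, opcode values, bounds rules and the name `bc_audit` are assumptions of this model.

```c
#include <stdint.h>
#include <string.h>

/* Simplified op header for this model (assumed layout, not kernel code). */
struct bc_op {
    uint8_t  code;
    uint8_t  yes;   /* offset the audit walk follows */
    uint16_t no;    /* alternate branch offset */
};
enum { BC_NOP, BC_JMP };   /* constructed opcode values */
#define OP_SIZE ((int)sizeof(struct bc_op))

/* Returns 0 if the program is acceptable, -1 otherwise. Every op,
 * whatever its opcode, must advance by an aligned, in-bounds offset. */
int bc_audit(const uint8_t *bc, int len)
{
    while (len > 0) {
        struct bc_op op;
        if (len < OP_SIZE)
            return -1;                  /* truncated header */
        memcpy(&op, bc, sizeof(op));    /* no unaligned reads */

        switch (op.code) {
        case BC_JMP:
            if (op.no < OP_SIZE || op.no > len || (op.no & 3))
                return -1;
            break;
        case BC_NOP:
            break;
        default:
            return -1;                  /* unknown opcode */
        }
        /* Checked for all opcodes, JMP included: with yes == 0 the
         * cursor would not move and this loop would never exit. */
        if (op.yes < OP_SIZE || op.yes > len || (op.yes & 3))
            return -1;
        bc  += op.yes;
        len -= op.yes;
    }
    return 0;   /* yes <= len on every step, so len ends at exactly 0 */
}

int main(void)
{
    /* Constructed samples: a valid program and a JMP with yes == 0. */
    struct bc_op good[2] = { { BC_NOP, 4, 0 }, { BC_JMP, 4, 4 } };
    struct bc_op bad[1]  = { { BC_JMP, 0, 4 } };
    return !(bc_audit((const uint8_t *)good, sizeof(good)) == 0 &&
             bc_audit((const uint8_t *)bad, sizeof(bad)) == -1);
}
```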