APPLIED: [CVE-2011-2213] inet_diag: fix inet_diag_bc_audit()

Tim Gardner tim.gardner at canonical.com
Wed Sep 14 17:20:35 UTC 2011


On 09/14/2011 09:51 AM, Andy Whitcroft wrote:
> CVE-2011-2213
> 	The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the
> 	Linux kernel before 2.6.39.3 does not properly audit INET_DIAG
> 	bytecode, which allows local users to cause a denial of service
> 	(kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE
> 	instructions in a netlink message, as demonstrated by an
> 	INET_DIAG_BC_JMP instruction with a zero yes value, a different
> 	vulnerability than CVE-2010-3880.
>
> The patch for this issue has hit lucid, and oneiric via mainline and
> stable.  Following this email is a patch which fixes this for hardy,
> lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
> This is a simple cherry-pick from the mainline fix; it can be noted the
> code is identical between hardy and oneiric for this routine.
>
> Proposing for hardy, lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
> and natty/ti-omap4.
>
> -apw
>


-- 
Tim Gardner tim.gardner at canonical.com
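
The failure mode in the CVE text quoted above, as an added example that is not part of the original message and is not the kernel's code: a simplified user-space model of an audit loop that walks bytecode by each op's `yes` offset and must reject offsets that make no forward progress. The `bc_op` layout, the opcode values, the `bc_audit` and `offset_ok` names and the sample programs are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical 4-byte op modelled on the bytecode the CVE text describes:
 * an opcode, a "yes" offset and a "no" offset, both counted in bytes. */
struct bc_op { uint8_t code; uint8_t yes; uint16_t no; };

enum { OP_NOP = 0, OP_JMP = 1 };    /* illustrative opcode values */

/* An offset is acceptable only if it skips at least one whole op, keeps
 * 4-byte alignment, and lands no further than 4 bytes past the end. */
static int offset_ok(unsigned off, int remaining)
{
    return off >= sizeof(struct bc_op) && (off & 3) == 0 &&
           off <= (unsigned)remaining + 4;
}

/* Returns 0 if the program is well formed, -1 otherwise. */
int bc_audit(const void *prog, int len)
{
    const uint8_t *bc = prog;

    while (len > 0) {
        struct bc_op op;

        if (len < (int)sizeof(op))
            return -1;                  /* truncated op */
        memcpy(&op, bc, sizeof(op));    /* avoid unaligned reads */

        if (op.code != OP_NOP && op.code != OP_JMP)
            return -1;                  /* opcode outside this model */
        if (op.code == OP_JMP && !offset_ok(op.no, len))
            return -1;
        /* Without this check a zero "yes" leaves bc and len unchanged
         * below, so the audit loop itself never terminates. */
        if (!offset_ok(op.yes, len))
            return -1;

        bc  += op.yes;
        len -= op.yes;
    }
    return len == 0 ? 0 : -1;           /* walk must end exactly at the end */
}

/* Constructed samples: a well-formed program, a jump with yes == 0,
 * an unaligned offset, and an offset that overshoots the buffer. */
const struct bc_op sample_ok[]        = { {OP_NOP, 4, 0}, {OP_JMP, 4, 4} };
const struct bc_op sample_stuck[]     = { {OP_JMP, 0, 4} };
const struct bc_op sample_unaligned[] = { {OP_NOP, 6, 0}, {OP_NOP, 4, 0} };
const struct bc_op sample_overrun[]   = { {OP_NOP, 8, 0} };
```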



