[CVE-2012-2669] Tools: hv: verify origin of netlink connector message
Luis Henriques
luis.henriques at canonical.com
Wed Jan 9 12:32:32 UTC 2013
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed
in the Linux kernel before 3.4.5, does not validate the origin of Netlink
messages, which allows local users to spoof Netlink communication via a
crafted connector message.
Following this email, there's a patch that fixes this issue for
Oneiric. This patch is a backport from
bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c.
Note however that, after applying this commit, the Oneiric kernel will
be exposed to CVE-2012-5532. I will submit a backport of this CVE fix in
a different thread.
Olaf Hering (1):
Tools: hv: verify origin of netlink connector message
drivers/staging/hv/tools/hv_kvp_daemon.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--
1.8.0
More information about the kernel-team
mailing list