oss-sec mailing list archives

CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established()

From: Eugene Teo <eugene () redhat com>
Date: Mon, 20 Apr 2009 17:35:05 +0800

According to the upstream commit 3f53a381, "we already have a valid net
in that place, but... the tw pointer can be NULL there sometimes, thus
causing an oops in NET_NS=y case.

The same place in ipv4 code already works correctly using existing
net, rather than tw's one."

The bug exists since 2.6.27.

http://git.kernel.org/linus/3f53a38131a4e7a053c0aa060aba0411242fb6b9

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Current thread:

CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo (Apr 20)
- Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo (Apr 22)
  - Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Steven M. Christey (Apr 24)