oss-sec mailing list archives

Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing

From: Josh Bressers <bressers () redhat com>
Date: Fri, 5 Nov 2010 15:50:18 -0400 (EDT)


----- "Nelson Elhage" <nelhage () ksplice com> wrote:

INET_DIAG is inconsistent about how it looks up the bytecode contained
in a
netlink message, making it possible for a user to cause the kernel to
execute
unaudited INET_DIAG bytecode.

This can be abused to make the kernel enter an infinite loop, and
possibly other
consequences, although I haven't thought of anything else
interesting.

Reference:
http://www.spinics.net/lists/netdev/msg145899.html


Please use CVE-2010-3880.

Thanks.

-- 
    JB

Current thread:

CVE request: kernel: logic error in INET_DIAG bytecode auditing Nelson Elhage (Nov 04)
- Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing Josh Bressers (Nov 05)