oss-sec mailing list archives

Re: CVE request - kernel: bridge br_multicast NULL pointer dereference

From: Josh Bressers <bressers () redhat com>
Date: Wed, 16 Feb 2011 08:44:08 -0500 (EST)



----- Original Message -----

"Somewhere along the line the NULL check in br_mdb_ip_get went AWOL,
causing crashes when we receive an IGMP packet with no multicast table
allocated.

This patch restores it and ensures all br_mdb_*_get functions use it."

http://git.kernel.org/linus/7f285fa78d4b81b8458f05e77fb6b46245121b4e

Did a quick check: net/bridge/br_multicast.c was introduced in
eb1d1641
(2.6.34-rc1), the check was removed in 8ef2a9a5 (v2.6.35-rc1), and
subsequently restored in 7f285fa78d (v2.6.35-rc5).


Please use CVE-2011-0709.

Thanks.

-- 
    JB

Current thread:

CVE request - kernel: bridge br_multicast NULL pointer dereference Eugene Teo (Feb 16)
- Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Josh Bressers (Feb 16)
  - Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Moritz Muehlenhoff (Feb 16)