Re: CVE-2012-5532 hypervkvpd DoS

[Vincent Danen <vdanen () redhat com>]

* [2012-11-27 11:21:03 -0700] Vincent Danen wrote:

> Just a heads-up on a flaw that was found:
>
> Florian Weimer of the Red Hat Product Security Team discovered that hypervkvpd
> would exit when it processed a spoofed Netlink packet that had been sent from
> an untrusted local user, in the following code:
>
>        len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
>                addr_p, &addr_l);
>
>        if (len < 0 || addr.nl_pid) {
>            syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
>                    addr.nl_pid, errno, strerror(errno));
>            close(fd);
>            return -1;
>        }
>
> This has been corrected upstream already.
>
> References:
>
> https://git.kernel.org/?p=linux/kernel/git/gregkh/char-misc.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef
> https://bugzilla.redhat.com/show_bug.cgi?id=877572

Ooops.  This is a bit embarrassing.

This is actually CVE-2012-2669.  Please reject CVE-2012-5532 as a
duplicate of CVE-2012-2669.

Thanks.

--
Vincent Danen / Red Hat Security Response Team