Re: CVE request: Linux kernel: net: fib: fib6_add: potential NULL pointer dereference

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/06/2013 06:46 AM, P J P wrote:
> Hello,
>
> Linux kernel built with the IPv6 protocol(CONFIG_IPv6) along with
> the IPv6 source address based routing support(CONFIG_IPV6_SUBTREE)
> is vulnerable to a NULL pointer dereference flaw. It could occur
> while doing an ioctl(SIOCADDRT) call on an IPv6 socket. User would
> need to have CAP_NET_ADMIN privileges to perform such a call.
>
> A user/program with CAP_NET_ADMIN privileges could use this flaw to
> crash a system resulting in DoS.
>
> Upstream fix: ------------- ->
> https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
>
>  Reference: ---------- ->
> https://bugzilla.redhat.com/show_bug.cgi?id=1039054
>
>
> Thank you. -- Prasad J Pandit / Red Hat Security Response Team

Please use CVE-2013-6431 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSohrBAAoJEBYNRVNeJnmTGGYP/1wXcro/6xSG8SmKqUUJXC0I
0WF9oKNyDx2ikUI9gM5f82N3ez2mtHRwygU8WkWRp9rf/XqiE5KvMlVwrRXf+hHB
CHpaw9Yc9IoPjXIdBbmXSlgurP362I/b9QwG36qNwEQya78f0eHqnWbDb8VSETpm
lhSB3V/3EvFEY+U2/alaIcShrU22xLBknNdTxmkrW9ydloTUIAYpVKv6HXEv+l1+
ZkibEsOG/fIlmRrGqHf0yafyXxooB3Cq9V5zfhrCHntFgZ7HVLS8B7/tTMKhphAH
TJvWnU84BE6zF/CiCy5CdlJVA8/h2VSahxB5zbTBkKcoSerbI0QumsRsF4a71J8K
xq+PP8eqAVz2LSmfZtul6GD6JirvH6QuHVWN2YhisCUC2wKqcp8uSPI0QneKaf4I
SchQMAAQiEIqYCrJpGTY2u6NbGnZeih+vkBbBlJgpzH4CXKl5DoPl3/KsBFwd4kK
7Na8aZWQMYUzvTHywN4WkN/m5OjfyErK89+F0eQqPXFnLUaHKDVOKjzhJ/fcbO2w
iUKpHUtc4Wu24moi+NNa4ovvuv9XJ6sjl0easlQZVHlU6MiQZ9d/m640nTz270zC
Gc4/NIAD+7Cco+0FgygBgYENkIazKpm8R6uUm3+4NAIVK7m++zD6t1FBdzH7P0A0
mSIRRpTRjeGkGHxEhkId
=yU7W
-----END PGP SIGNATURE-----