oss-sec mailing list archives

CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message

From: P J P <ppandit () redhat com>
Date: Fri, 9 May 2014 19:03:44 +0530 (IST)

   Hello,

Linux kenrel built with the BPF interpreter support in the networking core isvulnerable to an out of bounds buffer access flaw. It occurs when accessing anetlink attribute from the skb->data buffer.

An unprivileged user/program could use this flaw to crash the system kernelresulting in DoS.


Upstream fix:
-------------
  -> https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3

Introduced by:
--------------
  -> https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
  -> https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team

Current thread:

CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message P J P (May 09)
- Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message cve-assign (May 09)