oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function

From: cve-assign () mitre org
Date: Fri, 11 Apr 2014 11:08:19 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


A flaw was found in the way ping_init_sock() function handled
group_info struct reference counter. Since group_info refcounter is
only incremented but never decremented in this codepath, it could lead
to refcounter overflow and possibly to use-after-free issue later.

An unprivileged local user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.

https://bugzilla.redhat.com/show_bug.cgi?id=1086730

https://lkml.org/lkml/2014/4/10/736 (not yet available at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/ping.c)


Use CVE-2014-2851.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTSATmAAoJEKllVAevmvmsTB4H+wRZGJdbJ9LUbFivCT1FQyze
Qj3SMrvu8R9K3dX1RU5iBQk1JDo9tdI8lFVm17JA7HXxVMi/wnivyxLHeNHN8oS1
HfMKc+nL+4mbizPyw+qAhpntgjmy5MuMHAv6C7/cQPHPX25gI1bc/SKhoAaUiHCT
iRk5IxwC3VjXD3RhCAjZ2giVvjCVXqkbLmuEFz8SEVx2oMnI+X1mR7tRETjD5lxK
G/kR5/nrobA0p5Kg0q/VAa37aoruxkUsSwTz5LWyHgqxfQALKO2UfPZZYD5/TMxn
ZkFXv9qLyzuMeWqnX/QDfv30AyBMcpP11h0+TJ4n5ZTnwaNRDu0AYaZTVRWu61Q=
=N7gK
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: