oss-sec mailing list archives

CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump

From: Baozeng Ding <sploving1 () gmail com>
Date: Sat, 21 May 2016 19:21:56 +0800

Hello,

Without checking the pointer to the netlink socket attribute, it couldcause a null pointer dereference when parsing the nested attributes infunction tipc_nl_publ_dump. It allows local users to cause a denial ofservice. This vulnerability affects Linux kernel versions from 3.19 to 4.6.


References:
http://lists.openwall.net/netdev/2016/05/14/28
http://lists.openwall.net/netdev/2016/05/16/26

Fixed via:
https://github.com/torvalds/linux/commit/45e093ae2830cd1264677d47ff9a95a71f5d9f9c

Introduce by:
https://github.com/torvalds/linux/commit/1a1a143daf84db95dd7212086042004a3abb7bc2

Could you please assign a CVE for this vulnerability? Thank you.

Best Regards,
Baozeng Ding,  Alibaba Mobile Security Team

Current thread:

CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump Baozeng Ding (May 21)
- Re: CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump cve-assign (May 21)