oss-sec mailing list archives
CVE-2018-7492: Linux kernel: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map()
From: Vladis Dronov <vdronov () redhat com>
Date: Tue, 27 Feb 2018 06:55:29 -0500 (EST)
Hello,
[Suggested description]
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.

------------------------------------------

[VulnerabilityType Other]
CWE-476 NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
kernel.org: Linux kernel

------------------------------------------

[Affected Product Code Base]
Linux kernel - fixed since v4.15-rc3

------------------------------------------

[Affected Component]
'net/rds/rdma.c' file, __rds_rdma_map() function

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
to exploit vulnerability a certain setsockopt() call should be made for an AF_RDS socket.

------------------------------------------

[Reference]
https://patchwork.kernel.org/patch/10096441/
https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/
https://bugzilla.redhat.com/show_bug.cgi?id=1527393
https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7

------------------------------------------

[Discoverer]
syzkaller719569

Use CVE-2018-7492.
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer