oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2018-7492: Linux kernel: Null pointer dereference in net/rds/rdma.c:__rds_rdma_map()

From: Vladis Dronov <vdronov () redhat com>
Date: Tue, 27 Feb 2018 06:55:29 -0500 (EST)
Hello,


[Suggested description]
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map()
function in the Linux kernel before 4.14.7 allowing local attackers to cause
a system panic and a denial-of-service, related to RDS_GET_MR and
RDS_GET_MR_FOR_DEST.

------------------------------------------

[VulnerabilityType Other]
CWE-476 NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
kernel.org: Linux kernel

------------------------------------------

[Affected Product Code Base]
Linux kernel - fixed since v4.15-rc3

------------------------------------------

[Affected Component]
'net/rds/rdma.c' file, __rds_rdma_map() function

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
to exploit vulnerability a certain setsockopt() call should be made for an AF_RDS socket.

------------------------------------------

[Reference]
https://patchwork.kernel.org/patch/10096441/
https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/
https://bugzilla.redhat.com/show_bug.cgi?id=1527393
https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7

------------------------------------------

[Discoverer]
syzkaller719569


Use CVE-2018-7492.


Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Previous By Date Next
Previous By Thread Next

Current thread: