oss-sec mailing list archives
CVE request: kernel: logic error in INET_DIAG bytecode auditing
From: Nelson Elhage <nelhage () ksplice com>
Date: Thu, 4 Nov 2010 15:44:16 -0400
INET_DIAG is inconsistent about how it looks up the bytecode contained in a netlink message, making it possible for a user to cause the kernel to execute unaudited INET_DIAG bytecode. This can be abused to make the kernel enter an infinite loop, and possibly other consequences, although I haven't thought of anything else interesting. Reference: http://www.spinics.net/lists/netdev/msg145899.html - Nelson
Current thread:
- CVE request: kernel: logic error in INET_DIAG bytecode auditing Nelson Elhage (Nov 04)
- Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing Josh Bressers (Nov 05)