oss-sec mailing list archives
Re: CVE request: Linux kernel: net: fib: fib6_add: potential NULL pointer dereference
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 06 Dec 2013 11:43:14 -0700
On 12/06/2013 06:46 AM, P J P wrote:
> Hello,
>
> Linux kernel built with the IPv6 protocol(CONFIG_IPv6) along with the IPv6
> source address based routing support(CONFIG_IPV6_SUBTREE) is vulnerable to a
> NULL pointer dereference flaw. It could occur while doing an ioctl(SIOCADDRT)
> call on an IPv6 socket. User would need to have CAP_NET_ADMIN privileges to
> perform such a call.
>
> A user/program with CAP_NET_ADMIN privileges could use this flaw to crash a
> system resulting in DoS.
>
> Upstream fix:
> -------------
>   -> https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
>
> Reference:
> ----------
>   -> https://bugzilla.redhat.com/show_bug.cgi?id=1039054
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Security Response Team

Please use CVE-2013-6431 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
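
Added example, not part of either message and not Red Hat tooling: a host-side check of the two preconditions named in the request, the kernel build options and which processes hold CAP_NET_ADMIN in their effective set. The function names are hypothetical and the sample inputs are constructed; on a real host the inputs would be the kernel's .config text and the contents of /proc/<pid>/status.

```python
import re

CAP_NET_ADMIN = 12  # bit number from <linux/capability.h>

def option_enabled(config_text, option):
    """True if a kernel .config sets `option` to y (built in) or m (module)."""
    m = re.search(rf"^{re.escape(option)}=([ym])\s*$", config_text, re.M)
    return m is not None

def kernel_preconditions(config_text):
    """IPv6 plus source-address-based routing (subtrees) must both be built."""
    # The request spells the option CONFIG_IPV6_SUBTREE; mainline Kconfig
    # names it CONFIG_IPV6_SUBTREES, so accept either spelling.
    subtree = any(option_enabled(config_text, o)
                  for o in ("CONFIG_IPV6_SUBTREE", "CONFIG_IPV6_SUBTREES"))
    return option_enabled(config_text, "CONFIG_IPV6") and subtree

def has_cap_net_admin(status_text):
    """Check the CapEff mask of a /proc/<pid>/status snapshot."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    return bool(m) and bool(int(m.group(1), 16) >> CAP_NET_ADMIN & 1)

def privileged_callers(statuses):
    """Names of processes allowed to issue ioctl(SIOCADDRT) route additions."""
    out = []
    for text in statuses:
        name = re.search(r"^Name:\s*(.+)$", text, re.M)
        if has_cap_net_admin(text):
            out.append(name.group(1).strip() if name else "?")
    return sorted(out)

# Constructed sample inputs (not taken from any real host).
SAMPLE_CONFIG = """\
CONFIG_IPV6=y
# CONFIG_IPV6_MIP6 is not set
CONFIG_IPV6_SUBTREES=y
"""
SAMPLE_STATUS = [
    "Name:\tnetworkd\nPid:\t412\nCapEff:\t0000000000003000\n",  # bits 12, 13
    "Name:\tnginx\nPid:\t900\nCapEff:\t0000000000000400\n",     # bit 10 only
    "Name:\tsshd\nPid:\t77\nCapEff:\t0000003fffffffff\n",       # full set
]

if __name__ == "__main__":
    print("kernel preconditions:", kernel_preconditions(SAMPLE_CONFIG))
    print("CAP_NET_ADMIN holders:", privileged_callers(SAMPLE_STATUS))
```
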
Current thread:
- CVE request: Linux kernel: net: fib: fib6_add: potential NULL pointer dereference P J P (Dec 06)
- Re: CVE request: Linux kernel: net: fib: fib6_add: potential NULL pointer dereference Kurt Seifried (Dec 06)