oss-sec mailing list archives
Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function
From: cve-assign () mitre org
Date: Fri, 11 Apr 2014 11:08:19 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
A flaw was found in the way ping_init_sock() function handled group_info struct reference counter. Since group_info refcounter is only incremented but never decremented in this codepath, it could lead to refcounter overflow and possibly to use-after-free issue later. An unprivileged local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. https://bugzilla.redhat.com/show_bug.cgi?id=1086730 https://lkml.org/lkml/2014/4/10/736 (not yet available at http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/ping.c)
Use CVE-2014-2851. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTSATmAAoJEKllVAevmvmsTB4H+wRZGJdbJ9LUbFivCT1FQyze Qj3SMrvu8R9K3dX1RU5iBQk1JDo9tdI8lFVm17JA7HXxVMi/wnivyxLHeNHN8oS1 HfMKc+nL+4mbizPyw+qAhpntgjmy5MuMHAv6C7/cQPHPX25gI1bc/SKhoAaUiHCT iRk5IxwC3VjXD3RhCAjZ2giVvjCVXqkbLmuEFz8SEVx2oMnI+X1mR7tRETjD5lxK G/kR5/nrobA0p5Kg0q/VAa37aoruxkUsSwTz5LWyHgqxfQALKO2UfPZZYD5/TMxn ZkFXv9qLyzuMeWqnX/QDfv30AyBMcpP11h0+TJ4n5ZTnwaNRDu0AYaZTVRWu61Q= =N7gK -----END PGP SIGNATURE-----
Current thread:
- CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function Petr Matousek (Apr 11)
- Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function cve-assign (Apr 11)