mailing list archives
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers
From: Petr Matousek <pmatouse () redhat com>
Date: Sun, 24 Feb 2013 14:49:31 +0100
On Sun, Feb 24, 2013 at 10:10:45AM +0100, Mathias Krause wrote:
An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers array which, in turn,
allows userland to take over control while in kernel mode.
Patch (already in net/master):
v3.3 - v3.8
PoC is not attached this time but can be requested on demand. Hint:
Works well on Fedora 18, bypassing all mmap_min_addr checks. ;)
Please use CVE-2013-1763.
Petr Matousek / Red Hat Security Response Team