On Sun, Feb 24, 2013 at 10:10:45AM +0100, Mathias Krause wrote:
An unprivileged user can send a netlink message resulting in an
out-of-bounds access of the sock_diag_handlers array which, in turn,
allows userland to take over control while in kernel mode.
Patch (already in net/master):
v3.3 - v3.8
Nice find! Do you happen to know of distro backports of the affected
code to older kernels? When you wrote that the bug is "in there for
ages", did you mean that 3.3 has been out "for ages" or something else?