oss-sec: Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]

[Marcus Meissner <meissner () suse de>]

On Mon, Feb 25, 2013 at 02:13:49PM +0400, Solar Designer wrote:
> On Sun, Feb 24, 2013 at 10:10:45AM +0100, Mathias Krause wrote:
> > An unprivileged user can send a netlink message resulting in an
> > out-of-bounds access of the sock_diag_handlers[] array which, in turn,
> > allows userland to take over control while in kernel mode.
> >
> > Patch (already in net/master):
> > http://thread.gmane.org/gmane.linux.network/260061
> >
> > Affected versions:
> > v3.3 - v3.8
> Nice find!  Do you happen to know of distro backports of the affected
> code to older kernels?  When you wrote that the bug is "in there for
> ages", did you mean that 3.3 has been out "for ages" or something else?
We did not backport the sock_diag code to SUSE Linux Enterprise Server 11 SP2.

Ciao, Marcus