Re: CVE request: kernel: NULL pointer dereference in AF_ECONET

[Eugene Teo <eugene () redhat com>]

On 12/09/2010 11:27 AM, Nelson Elhage wrote:
> The Linux implementation of ACORN networking over UDP does not
> properly look up the device an incoming packet was received on,
> potentially resulting in a denial of service (NULL pointer
> dereference).
>
> This is remotely triggerable if the econet module is loaded, but
> realistically the only reason is likely to have it loaded is because
> they're trying to run an exploit.
>
> Reference:
> http://marc.info/?l=linux-netdev&m=129185496013580&w=2

Proposed patch: http://marc.info/?l=linux-netdev&m=129186011218615&w=2

Please use CVE-2010-4342.

Thanks, Eugene