oss-sec mailing list archives
Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit()
From: Josh Bressers <bressers () redhat com>
Date: Mon, 20 Jun 2011 15:08:33 -0400 (EDT)
----- Original Message -----
[PATCH] inet_diag: fix inet_diag_bc_audit() A malicious user or buggy application can inject code and trigger an infinite loop in inet_diag_bc_audit()
Use CVE-2011-2213.
Also make sure each instruction is aligned on 4 bytes boundary, to avoid unaligned accesses.
Should this get a seperate ID?
Reported-by: Dan Rosenberg <drosenberg () vsecurity com> http://thread.gmane.org/gmane.linux.network/197206/focus=197386 http://patchwork.ozlabs.org/patch/100857/ https://bugzilla.redhat.com/show_bug.cgi?id=714536
Thanks.
--
JB
Current thread:
- CVE request: kernel: inet_diag: fix inet_diag_bc_audit() Eugene Teo (Jun 19)
- Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() Josh Bressers (Jun 20)
- Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() Dan Rosenberg (Jun 20)
- Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() Josh Bressers (Jun 20)