Revision history [back]
 | 1 | initial version | posted 2017-05-11 15:27:59 +0200  |
fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() in kernel-net CVE-2016-10200
Description
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c (and net/l2tp/l2tp_ip6.c. -- not in kernel-adaptation-sbj-3.4.108.20161101.1) CVSS v3:7.0 high/medium (attack range: local)
Upstream Patch available.
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/l2tp/l2tp_ip.c lines 254-261; 269-273
| | 2 | retagged |
fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() in kernel-net CVE-2016-10200
Description
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c (and net/l2tp/l2tp_ip6.c. -- not in kernel-adaptation-sbj-3.4.108.20161101.1) CVSS v3:7.0 high/medium (attack range: local)
Upstream Patch available.
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/l2tp/l2tp_ip.c lines 254-261; 269-273