Revision history [back]
 | 1 | initial version | posted 2017-07-20 13:04:45 +0200  |
cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.
Patch available (kernel-3.5 and kernel-3.2 patch are the same, so no problem for kernel-3.4-sbj)...
file affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c lines 577-598 ; 607-617 ; 629-636 ; 981-987 ; 1017-1023
| | 2 | No.2 Revision |
cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.option. CVSS v3 Base Score: 7.8high (attack range: local)
Patch available (kernel-3.5 and kernel-3.2 patch are the same, so no problem for kernel-3.4-sbj)...
file affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c lines 577-598 ; 607-617 ; 629-636 ; 981-987 ; 1017-1023
| | 3 | No.3 Revision |
cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. CVSS v3 Base Score: 7.8high (attack range: local)
Patch available (kernel-3.5 and kernel-3.2 patch are the same, so no problem for kernel-3.4-sbj)...
file File affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c lines 577-598 ; 607-617 ; 629-636 ; 981-987 ; 1017-1023
| | 4 | No.4 Revision |
cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. CVSS v3 Base Score: 7.8high (attack range: local)
Patch available (kernel-3.5 and kernel-3.2 patch are the same, so no problem for kernel-3.4-sbj)...
File file affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c lines 577-598 ; 607-617 ; 629-636 ; 981-987 ; 1017-1023
| | 5 | No.5 Revision |
cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. CVSS v3 Base Score: 7.8high (attack range: local)
Patch is available (kernel-3.5 and kernel-3.2 patch are the same, so no problem for kernel-3.4-sbj)...
file affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c lines 577-598 ; 607-617 ; 629-636 ; 981-987 ; 1017-1023
| | 6 | No.6 Revision |
cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. CVSS v3 Base Score: 7.8high (attack range: local)
Patch is available (kernel-3.5 and kernel-3.2 patch are the same, equal, so no problem for kernel-3.4-sbj)...
file affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c lines 577-598 ; 607-617 ; 629-636 ; 981-987 ; 1017-1023
| | 7 | No.7 Revision |
cleanups in sock_setsockopt() in kernel-net CVE-2012-6704
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. CVSS v3 Base Score: 7.8high (attack range: local)
Patch is available (kernel-3.5 and kernel-3.2 patchpatch are equal, so no problem for kernel-3.4-sbj)...
file affected: kernel-adaptation-sbj-3.4.108.20161101.1/net/core/sock.c lines 577-598 ; 607-617 ; 629-636 ; 981-987 ; 1017-1023