Revision history [back]
 | 1 | initial version | posted 2017-08-24 09:32:37 +0300  |
avoid use-after-free in ep_remove_wait_queue in kernel-net-unix CVE-2013-7446
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
Patch for kernel-3.4 available.
files affected: kernel-adaptation-sbj-3.4.108.20161101.1/include/net/af_unix.h lines 59-64 kernel-adaptation-sbj-3.4.108.20161101.1/net/unix/af_unix.c lines 306 following...
| | 2 | retagged |
avoid use-after-free in ep_remove_wait_queue in kernel-net-unix CVE-2013-7446
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
Patch for kernel-3.4 available.
files affected: kernel-adaptation-sbj-3.4.108.20161101.1/include/net/af_unix.h lines 59-64 kernel-adaptation-sbj-3.4.108.20161101.1/net/unix/af_unix.c lines 306 following...