Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 385931 (CVE-2011-2213) - Kernel: linux >= 2.6.39.1 error when processing the "osf_wait4()" system call in arch/alpha/kernel/osf_sys.c (CVE-2011-2213)
Summary: Kernel: linux >= 2.6.39.1 error when processing the "osf_wait4()" system call...
Status: RESOLVED FIXED
Alias: CVE-2011-2213
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: Alpha Linux
: Normal minor (vote)
Assignee: Gentoo Kernel Security
URL: http://secunia.com/advisories/44754/
Whiteboard: [linux >= 2.6.39.1]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-06 20:19 UTC by Michael Harrison
Modified: 2018-04-04 17:36 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2011-10-06 20:19:23 UTC
An error when processing the "osf_wait4()" system call in arch/alpha/kernel/osf_sys.c can be exploited to manipulate kernel memory.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:35:48 UTC
CVE-2011-2213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2213):
  The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel
  before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows
  local users to cause a denial of service (kernel infinite loop) via crafted
  INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by
  an INET_DIAG_BC_JMP instruction with a zero yes value, a different
  vulnerability than CVE-2010-3880.
Comment 2 Michael Harrison 2012-01-31 11:01:48 UTC
Original Advisory:
https://lkml.org/lkml/2011/6/11/87 

Solution:
Fixed in version 2.6.35.14
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:36:48 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.