385945 – (CVE-2011-2898) Kernel: linux >= 2.6.39.1 "packet_recvmsg()" and "tpacket_rcv()" functions (net/packet/af_packet.c) do not properly initialise (CVE-2011-{2208,2209,2210,2211,2517,2898})

Bug 385945 (CVE-2011-2898) - Kernel: linux >= 2.6.39.1 "packet_recvmsg()" and "tpacket_rcv()" functions (net/packet/af_packet.c) do not properly initialise (CVE-2011-{2208,2209,2210,2211,2517,2898})

Summary: Kernel: linux >= 2.6.39.1 "packet_recvmsg()" and "tpacket_rcv()" functions (n...

Status:	RESOLVED FIXED

Alias:	CVE-2011-2898

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Kernel Security

URL:	http://secunia.com/advisories/44754/
Whiteboard:	[linux >= 2.6.39.1]
Keywords:

Depends on:
Blocks:

Reported:	2011-10-06 20:34 UTC by Michael Harrison
Modified:	2018-04-04 17:40 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Harrison 2011-10-06 20:34:29 UTC

The "packet_recvmsg()" and "tpacket_rcv()" functions (net/packet/af_packet.c) do not properly initialise a structure before copying it to userspace, which can be exploited to disclose kernel memory.

Comment 1 Michael Harrison 2012-01-31 12:01:29 UTC

Best Advisory I could find:
https://bugzilla.redhat.com/show_bug.cgi?id=728023

Solution:
http://git.kernel.org/linus/13fcb7bd322164c67926ffe272846d4860196dc6

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-04-04 17:40:58 UTC

There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.