Summary: | Kernel: UDP NULL pointer dereference (CVE-2009-2698) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Kernel | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kernel |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=1e0c14f49d6b393179f423abbac47f85618d3d46 | ||
Whiteboard: | [ linux < 2.6.19 ] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2009-08-24 07:49:59 UTC
CVE-2009-2698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2698): The UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. |