Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 289914 (CVE-2009-2909)

Summary: Kernel: ax_25setsockopt() negative "optlen" OOPS DoS (CVE-2009-2909)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=b7058842c940ad2c08dd829b21e5c92ebe3b8758
Whiteboard: [linux <2.6.31.2] [gp <2.6.31-3]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-20 21:52:47 UTC 
CVE-2009-2909 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2909):
  Integer signedness error in the ax25_setsockopt function in
  net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before
  2.6.31.2 allows local users to cause a denial of service (OOPS) via a
  crafted optlen value in an SO_BINDTODEVICE operation.