Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 385931 (CVE-2011-2213)

Summary: Kernel: linux >= error when processing the "osf_wait4()" system call in arch/alpha/kernel/osf_sys.c (CVE-2011-2213)
Product: Gentoo Security Reporter: Michael Harrison <n0idx80>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Severity: minor CC: alpha-kernel, kernel
Priority: Normal    
Version: unspecified   
Hardware: Alpha   
OS: Linux   
Whiteboard: [linux >=]
Package list:
Runtime testing required: ---

Description Michael Harrison 2011-10-06 20:19:23 UTC
An error when processing the "osf_wait4()" system call in arch/alpha/kernel/osf_sys.c can be exploited to manipulate kernel memory.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:35:48 UTC
CVE-2011-2213 (
  The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel
  before does not properly audit INET_DIAG bytecode, which allows
  local users to cause a denial of service (kernel infinite loop) via crafted
  INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by
  an INET_DIAG_BC_JMP instruction with a zero yes value, a different
  vulnerability than CVE-2010-3880.
Comment 2 Michael Harrison 2012-01-31 11:01:48 UTC
Original Advisory: 

Fixed in version
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:36:48 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.