282529 – (CVE-2009-2698) Kernel: UDP NULL pointer dereference (CVE-2009-2698)

Bug 282529 (CVE-2009-2698) - Kernel: UDP NULL pointer dereference (CVE-2009-2698)

Summary: Kernel: UDP NULL pointer dereference (CVE-2009-2698)

Status:	RESOLVED FIXED

Alias:	CVE-2009-2698

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[ linux < 2.6.19 ]
Keywords:

Depends on:
Blocks:

Reported:	2009-08-24 07:49 UTC by Alex Legler (RETIRED)
Modified:	2013-09-12 05:01 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Legler (RETIRED) archtester

2009-08-24 07:49:59 UTC

Mark J. Cox in a RedHat bug:
Tavis Ormandy and Julien Tinnes, Google Security Team reported that Kernels <=
2.6.18.8 are vulnerable to a NULL pointer dereference issue when using MSG_MORE
on udp sockets.

Comment 1 Alex Legler (RETIRED) archtester

2009-08-27 20:42:51 UTC

CVE-2009-2698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2698):
  The UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c
  in the Linux kernel before 2.6.19 allows local users to gain
  privileges or cause a denial of service (NULL pointer dereference and
  system crash) via vectors involving the MSG_MORE flag and a UDP
  socket.