Bug 462456 (CVE-2012-3552) - Kernel : net: slab corruption due to improper synchronization around inet->opt (CVE-2012-3552)
Status: RESOLVED OBSOLETE
Alias: CVE-2012-3552
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Reported: 2013-03-20 10:03 UTC by Agostino Sarubbo
Modified: 2018-04-04 19:47 UTC

Description Agostino Sarubbo gentoo-dev 2013-03-20 10:03:31 UTC
From $URL :

On Fri, Aug 31, 2012 at 06:11:53PM +0200, Petr Matousek wrote:
> Description of the problem:
> Lack of proper synchronization when manipulating inet->opt ip_options can lead
> to a system crash.
> 
> The problem is that ip_make_skb() calls ip_setup_cork(), and ip_setup_cork()
> possibly makes a copy of ipc->opt (struct ip_options) without any
> protection against another thread manipulating inet->opt. Another thread
> can change the inet->opt pointer and free the old one under us.
> 
> Given the right server application (setting socket options and processing
> traffic over the same socket at the same time), a remote attacker could
> use this flaw to crash the system. More likely though, a local
> unprivileged user could use this flaw to crash the system.

What are our reasons to claim that this is merely a DoS, as opposed to a
potential for arbitrary code execution with kernel privileges (at least
in the local attack case)?

> Upstream fix:
> 
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6d8bd051c391c1c0458a30b2a7abcd939329259

This was assigned CVE-2012-3552:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3552
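
The lifetime problem described in the quoted report, as an added user-space model (not kernel code and not part of the original bug report or the upstream fix). All struct and function names are hypothetical; the interleaving is constructed, and deferring release until readers finish is an assumed mitigation chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space model; none of these names are kernel identifiers. */
struct opts { int freed; unsigned char len; unsigned char data[40]; };
struct sock_model {
    struct opts *opt;      /* stands in for inet->opt */
    struct opts *retired;  /* replaced object waiting for readers to finish */
    int readers;           /* readers currently inside copy_opts() */
    int defer;             /* 0: release at once (flawed), 1: defer (assumed fix) */
};

static struct opts *opts_new(unsigned char len) {   /* len must be <= 40 */
    struct opts *o = calloc(1, sizeof(*o));
    if (!o) abort();
    o->len = len;
    memset(o->data, len, len);
    return o;
}

/* Models freeing: poison and flag the object so a stale read is detectable without UB. */
static void opts_release(struct opts *o) { o->freed = 1; memset(o->data, 0xAA, sizeof(o->data)); }

/* Writer: models a setsockopt() call replacing the options. */
static void set_opts(struct sock_model *sk, unsigned char len) {
    struct opts *old = sk->opt;
    sk->opt = opts_new(len);
    if (sk->defer && sk->readers > 0) sk->retired = old;  /* a reader may still hold it */
    else opts_release(old);
}

/* Reader: models the copy made while a packet is built. A non-zero race_len runs the
 * writer between pointer load and copy. Returns 0 if the source was live, -1 if released. */
static int copy_opts(struct sock_model *sk, struct opts *dst, unsigned char race_len) {
    struct opts *src = sk->opt;
    sk->readers++;
    if (race_len) set_opts(sk, race_len);
    memcpy(dst, src, sizeof(*dst));
    if (--sk->readers == 0 && sk->retired) { opts_release(sk->retired); sk->retired = NULL; }
    return dst->freed ? -1 : 0;
}

static int run_case(int defer) {
    struct sock_model sk = { opts_new(4), NULL, 0, defer };
    struct opts copy;
    return copy_opts(&sk, &copy, 8);
}

int main(void) { printf("flawed=%d deferred=%d\n", run_case(0), run_case(1)); return 0; }
```
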
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-04 19:47:24 UTC
There are no longer any 2.x or <3.0 kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.