Linux Kernel RDS Null Pointer Dereference Lets Local Users Cause Denial of Service Conditions on the Target System
|
SecurityTracker Alert ID: 1034453 |
SecurityTracker URL: http://securitytracker.com/id/1034453
|
CVE Reference:
CVE-2015-6937, CVE-2015-7990
(Links to External Site)
|
Updated: Dec 30 2015
|
Original Entry Date: Dec 17 2015
|
Impact:
Denial of service via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in the Linux kernel. A local user can cause denial of service conditions on the target system.
A local user can trigger a null pointer dereference in the __rds_conn_create() function in 'net/rds/connection.c' and cause the target system to crash.
|
Impact:
A local user can cause the target system to crash.
|
Solution:
The vendor has issued a source code fix [in September 2015], available at:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f
[Editor's note: The above fix was incomplete. The incomplete fix was assigned CVE-2015-7990.]
The vendor has issued a revised source code fix [in November 2015], available at:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|