Back to search
CVE-2010-3880
Published: Dec 10, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
42789
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0024
vdb-entry
x_refsource_VUPEN
RHSA-2011:0004
vendor-advisory
x_refsource_REDHAT
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
mailing-list
x_refsource_BUGTRAQ
46397
third-party-advisory
x_refsource_SECUNIA
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2
x_refsource_CONFIRM
44665
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=651264
x_refsource_CONFIRM
RHSA-2011:0007
vendor-advisory
x_refsource_REDHAT
RHSA-2010:0958
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
x_refsource_CONFIRM
42890
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20101105 Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing
mailing-list
x_refsource_MLIST
42126
third-party-advisory
x_refsource_SECUNIA
[netdev] 20101103 [PATCH 2/2] inet_diag: Make sure we actually run the same bytecode we audited.
mailing-list
x_refsource_MLIST
[oss-security] 20101104 CVE request: kernel: logic error in INET_DIAG bytecode auditing
mailing-list
x_refsource_MLIST
DSA-2126
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now