blob: 426f0fcdee80ee0454618e3485d83e1be35fc14f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: use-after-free due to a race condition between anout_add from setsockopt and bind on an AF_PACKET socket
References:
https://blogs.securiteam.com/index.php/archives/3731
Notes:
carnil> Issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6
carnil> (4.15-c2) incomplete fix for a race condition. It was backported e.g.
carnil> as well to 5471afeef41388ec08e6cf610640aaf89805d6db (4.9.70) and
carnil> a0992bdf1e286a7b5e0dd696e2f2fd0fcbe08c7c (3.16.55).
carnil> The actual fix is 15fe076edea787807a7cdc168df832544b58eba6 complete.
carnil> https://bugzilla.redhat.com/show_bug.cgi?id=1641878#c3
carnil> https://bugzilla.novell.com/show_bug.cgi?id=1112859
Bugs:
upstream: released (4.15-rc2) [15fe076edea787807a7cdc168df832544b58eba6]
4.9-upstream-stable: released (4.9.70) [5471afeef41388ec08e6cf610640aaf89805d6db]
3.16-upstream-stable: released (3.16.55) [a0992bdf1e286a7b5e0dd696e2f2fd0fcbe08c7c]
sid: released (4.14.7-1)
4.9-stretch-security: released (4.9.80-1)
3.16-jessie-security: released (3.16.56-1)
|
