blob: 3b0408b0752315866b8f59beeb02111c982216fa (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Description: Untrusted Pointer Dereference in setsockopt system call
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1923636
https://www.zerodayinitiative.com/advisories/ZDI-21-100/
https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec
Notes:
carnil> In 5.4.y fixed in 5.4.92 with 55bac51762c3 ("net, sctp, filter:
carnil> remap copy_from_user failure error"). For later kernel
carnil> versions: " In case of later kernel versions this issue won't
carnil> work anymore thanks to Christoph Hellwig's work that got rid of
carnil> the various temporary set_fs() address space overrides
carnil> altogether."
Bugs:
upstream: released (5.10-rc1) [f56e65dff6ad52395ef45738799b4fb70ff43376]
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: N/A "Vulnerable code introduced later"
4.9-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.10.4-1)
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"
|