Описание
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| linux | fixed | 4.5.5-1 | package | |
| linux | not-affected | jessie | package | |
| linux | not-affected | wheezy | package |
Примечания
http://lists.openwall.net/netdev/2016/05/14/28
Fixed by: https://git.kernel.org/linus/45e093ae2830cd1264677d47ff9a95a71f5d9f9c
Introduced by: https://git.kernel.org/linus/1a1a143daf84db95dd7212086042004a3abb7bc2 (v3.19-rc1)
EPSS
Связанные уязвимости
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation.
ELSA-2016-3596: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS