Описание
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system.
Отчет
This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Fix deferred | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:4062 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:4060 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2019:3309 | 05.11.2019 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2019:3517 | 05.11.2019 |
Показывать по
Дополнительная информация
Статус:
4.7 Medium
CVSS3
Связанные уязвимости
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() ...
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
Уязвимость функции sit_init_net() (net/ipv6/sit.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
4.7 Medium
CVSS3