** Description changed: - Dereferencing a user pointer directly from kernel-space without going - through the copy_from_user family of functions is a bad idea. Two of - such usages can be found in the sendmsg code path called from sendmmsg, - added by upstream commit c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a. - Usages are performed through memcmp() and memcpy() directly. + The __sys_sendmsg function in net/socket.c in the Linux kernel before + 3.1 allows local users to cause a denial of service (system crash) via + crafted use of the sendmmsg system call, leading to an incorrect pointer + dereference. Break-Fix: c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a bc909d9ddbf7778371e36a651d6e4194b1cc7d4c Break-Fix: 5b47b8038f183b44d2d8ff1c7d11a5c1be706b34 bc909d9ddbf7778371e36a651d6e4194b1cc7d4c
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/905066 Title: CVE-2011-4594 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/905066/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
