** Description changed: - Data_len paremeter of sock_alloc_send_pskb() function is not validated - before setting frags of allocated skb, which can lead to heap overflow. + The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel + before 3.4.5 does not properly validate a certain length value, which + allows local users to cause a denial of service (heap-based buffer + overflow and system crash) or possibly gain privileges by leveraging + access to a TUN/TAP device. Break-Fix: - cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1006622 Title: CVE-2012-2136 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1006622/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
