Vulnerability in Linux Linux_kernel

CVE-2011-2213

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_…

EPSS: 0.001 (19.8th percentile) — read the EPSS interpretation.

Affected products

Linux Linux_kernel
Redhat Enterprise_linux_aus — versions 5.6
Redhat Enterprise_linux_desktop — versions 5.0
Redhat Enterprise_linux_eus — versions 5.6
Redhat Enterprise_linux_server — versions 5.0
Redhat Enterprise_linux_workstation — versions 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
[netdev] 20110617 [PATCH] inet_diag: fix inet_diag_bc_audit() (mailing-list, x_refsource_MLIST, Broken Link)
RHSA-2011:0927 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
[oss-security] 20110620 CVE request: kernel: inet_diag: fix inet_diag_bc_audit() (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
[netdev] 20110601 inet_diag insufficient validation? (mailing-list, x_refsource_MLIST, Broken Link)
[netdev] 20110601 Re: inet_diag insufficient validation? (mailing-list, x_refsource_MLIST, Broken Link)
[oss-security] 20110620 Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Broken Link)