Bug 1086730 (CVE-2014-2851)
| Summary: | CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | agordeev, aquini, bhu, carnil, davej, dhoward, esammons, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, jkurik, jonathan, jross, jscalf, jwboyer, kernel-maint, kernel-mgr, kseifried, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, mjc, nobody, npajkovs, pholasek, plougher, rt-maint, rvrbovsk, sreber, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-07-29 16:32:38 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1087412, 1087414, 1087415, 1087416, 1087418, 1087419, 1087420, 1087478 | ||
| Bug Blocks: | 1086734 | ||
|
Description
Petr Matousek
2014-04-11 11:50:15 UTC
Statement: This issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1087420] kernel-3.13.10-200.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. kernel-3.13.11-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2014:0557 https://rhn.redhat.com/errata/RHSA-2014-0557.html This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:0786 https://rhn.redhat.com/errata/RHSA-2014-0786.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0981 https://rhn.redhat.com/errata/RHSA-2014-0981.html IssueDescription: A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. This issue has been addressed in following products: Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Via RHSA-2014:1101 https://rhn.redhat.com/errata/RHSA-2014-1101.html interesting discussion of exploitability: https://cyseclabs.com/page?n=02012016 |