A Linux kernel built with IP Virtual Server (CONFIG_IP_VS) support is vulnerable to a buffer overflow flaw. It could occur while setting or retrieving socket options via setsockopt(2) or getsockopt(2) calls, though a user needs to have CAP_NET_ADMIN privileges to perform these IP_VS operations. A user/program with CAP_NET_ADMIN privileges could use this flaw to further escalate their privileges on a system.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb

UPDATE:
=======
The bounds checks (below) added by the above patch were found to be redundant. The same checks are present in the routine 'nf_sockopt_find'. [1]

+ if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) + return -EINVAL; + if (len < 0 || len > MAX_ARG_LEN) + return -EINVAL;

[1] https://lkml.org/lkml/2009/9/30/265

That makes it a security non-issue. Please see:
  -> http://seclists.org/oss-sec/2014/q1/174
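
Review bot: the `len < 0` half of the second added check does nothing if `len` is an unsigned type at this point; the hunk does not show its declaration, so confirm the type and reduce the test to `len > MAX_ARG_LEN` if it is unsigned. Neither check carries a comment naming the buffer that MAX_ARG_LEN bounds, and since the text above says the same checks already exist in nf_sockopt_find, the patch description should state why they are repeated here or the duplicates should be dropped.
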
Statement: The Red Hat Security Response Team does not consider this issue to be a security flaw. Please see http://seclists.org/oss-sec/2014/q1/174 for CVE REJECT request and further information.