Bug 1263139 (CVE-2015-6937) - CVE-2015-6937 kernel: net: rds: NULL pointer dereference in net/rds/connection.c
Summary: CVE-2015-6937 kernel: net: rds: NULL pointer dereference in net/rds/connection.c
Status: CLOSED NOTABUG
Alias: CVE-2015-6937
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20150914,repor...
Keywords: Security
Depends On: 1263140
Blocks: 1276439
TreeView+ depends on / blocked
 
Reported: 2015-09-15 08:12 UTC by Martin Prpič
Modified: 2019-06-08 20:45 UTC (History)
36 users (show)

(edit)
A NULL-pointer dereference vulnerability was discovered in the Linux kernel. The kernel's Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport existed before creating a connection to a remote server.  A local system user could exploit this flaw to crash the system by creating sockets at specific times to trigger a NULL pointer dereference.
Clone Of:
(edit)
Last Closed: 2016-05-12 01:24:52 UTC


Attachments (Terms of Use)

Description Martin Prpič 2015-09-15 08:12:46 UTC
It was found that the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection to a remote server.

This could happen on sockets that were not properly bound before attempting to send a message.

A local attacker could use this flaw to crash the system by creating sockets at specific times to trigger a NULL pointer dereference on the system.

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f

CVE assignment:

http://seclists.org/oss-sec/2015/q3/545

Comment 1 Martin Prpič 2015-09-15 08:14:23 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1263140]

Comment 2 Fedora Update System 2015-09-24 05:07:26 UTC
kernel-4.2.1-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2015-10-03 21:14:56 UTC
kernel-4.1.8-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2015-10-03 21:51:23 UTC
kernel-4.1.8-100.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Adam Mariš 2015-10-29 17:19:24 UTC
The patch is incomplete, complete fix can be found here:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7990

MITRE assigned new CVE for the vulnerability that remains present after the original incomplete patch:

http://seclists.org/oss-sec/2015/q4/179

Comment 6 Wade Mealing 2016-02-01 04:17:20 UTC
Statement:

This issue did not affect kernel, kernel-rt, and realtime-kernel versions shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG as they do not include the Reliable Datagram Sockets (RDS) protocol implementation.


Note You need to log in before you can comment on or make changes to this bug.