A flaw was found in the TIPC networking subsystem which could allow for memory corruption and possible priveledge escalation. The flaw involves a system with an unusually low MTU (60) on networking devices configured as bearers for the TIPC protocol. Not all devices support or allow MTU's below 68 octets.
An attacker can create a packet which will overwrite memory outside of allocated space and this can allow for priveledge escalation.
The affected code is not enabled on Red Hat Enterprise Linux 6 and 7. The affected code was not included in Red Hat Enterprise Linux 5.
Red Hat would like to thank Qian Zhang from Qihoo 360 Marvel Team for reporting this issue.
This issue is rated as important. The affected code is not enabled on Red Hat Enterprise Linux 6 and 7 or MRG-2 kernels. The commit introducing the comment was not included in Red Hat Enterprise Linux 5.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1392262]