Bug 733986 - kernel: regression in CVE-2011-1768 fix [mrg-2.1]
Summary: kernel: regression in CVE-2011-1768 fix [mrg-2.1]
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Version: 2.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Red Hat Real Time Maintenance
QA Contact: David Sommerseth
URL:
Whiteboard:
Depends On: 733985
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-29 04:46 UTC by Eugene Teo (Security Response)
Modified: 2016-05-22 23:33 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 733985
Environment:
Last Closed: 2011-10-03 04:03:14 UTC


Attachments (Terms of Use)

Description Eugene Teo (Security Response) 2011-08-29 04:46:20 UTC
+++ This bug was initially created as a clone of Bug #733985 +++

Description of problem:
The upstream commit d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 ("tunnels: fix
netns vs proto registration ordering") was not backported correctly, and results in a NULL pointer dereference in ip6_tunnel.c.

https://bugs.gentoo.org/show_bug.cgi?id=380609
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 7fb3e02..53e0d51 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1466,7 +1466,7 @@ static int __init ip6_tunnel_init(void)
 {
        int  err;
 
-       err = register_pernet_device(&ip6_tnl_net_ops);
+       err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
        if (err < 0)
                goto out_pernet;

Comment 2 Eugene Teo (Security Response) 2011-10-03 04:03:14 UTC
Patch "Fix broken backport for IPv6 tunnels" has been added to the 2.6.32-longterm tree

upstream commit d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 ("tunnels: fix netns vs proto registration ordering") , which was included in 2.6.32.44-longterm, was not backported correctly, and results in a NULL pointer dereference in ip6_tunnel.c for longterm kernels >=2.6.32.44

this don't affect mrg-2.1 kernel.


Note You need to log in before you can comment on or make changes to this bug.