Description of problem:
INET-DIAG is inconsistent about how it looks up the bytecode contained in a netlink message, making it possible for a user to cause the kernel to execute unaudited INET-DIAG bytecode. This can be abused to make the kernel enter an infinite loop, and possibly other consequences.

Reference:
http://www.spinics.net/lists/netdev/msg145899.html

Acknowledgements:
Red Hat would like to thank Nelson Elhage for reporting this issue.
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for monitoring of INET transport protocol sockets. Future updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
Upstream commit: http://git.kernel.org/linus/22e76c849d505d87c5ecf3d3e6742a65f0ff4860
Thanks, grabbed this for Fedora.
This issue has been addressed in following products:
  MRG for RHEL-5
Via RHSA-2010:0958 https://rhn.redhat.com/errata/RHSA-2010-0958.html

This issue has been addressed in following products:
  Red Hat Enterprise Linux 5
Via RHSA-2011:0004 https://rhn.redhat.com/errata/RHSA-2011-0004.html

This issue has been addressed in following products:
  Red Hat Enterprise Linux 6
Via RHSA-2011:0007 https://rhn.redhat.com/errata/RHSA-2011-0007.html