Linux kernel(>= version 3.4+) built with the X32 ABI for 64-bit mode support CONFIG_X86_X32, is vulnerable to an arbitrary write to a user supplied address. X32 ABI allows 32-bit programs to run on 64-bit machines with all its features, without using the 64-bit addressing. These programs continue to use 32-bit memory addressing. The flaw occurs while doing a recvmmsg(2) call. A user/program could use this flaw to crash the system resulting in DoS or potentially escalate user privileges to a system. Upstream fix: ------------- -> https://git.kernel.org/linus/2def2ef2ae5f3990aabdbe8a755911902707d268 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2014/01/31/2
Statement: Not vulnerable. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
HackerOne report: https://hackerone.com/reports/960