A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds read by creating a smaller-than-expected ICMP header and sending it to its destination via sendto(). Due to the lack of size checking on the ICMP header length, it is possible to cause an out-of-bounds read on the stack; this stack data may be included in the outgoing packet data if it can be validated (infoleak).

Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0eab121ef8750a5c8637d51534d5e9143fb0633f
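The missing check described above, shown as a user-space model. This is an added example, not the upstream patch or kernel code; the struct, the helper name `icmp_hdr_from_user`, the upper bound and the error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ICMP echo-style header (8 bytes), modelled in user space for this example. */
struct icmp_hdr_model {
    uint8_t  type;
    uint8_t  code;
    uint16_t checksum;
    uint16_t id;
    uint16_t sequence;
};
_Static_assert(sizeof(struct icmp_hdr_model) == 8, "header must be 8 bytes");

#define ICMP_HDR_LEN sizeof(struct icmp_hdr_model)
#define ICMP_MAX_LEN 0xFFFFu   /* assumed upper bound for this example */

/*
 * Hypothetical helper: copy the header out of a caller-supplied message only
 * after its length has been checked. Returns 0 and sets *payload_len, or a
 * negative errno. Error codes are this example's choice.
 */
int icmp_hdr_from_user(const uint8_t *buf, size_t len,
                       struct icmp_hdr_model *hdr, size_t *payload_len)
{
    if (buf == NULL || hdr == NULL || payload_len == NULL)
        return -EFAULT;
    if (len < ICMP_HDR_LEN)   /* without this, memcpy reads past the message */
        return -EINVAL;
    if (len > ICMP_MAX_LEN)
        return -EMSGSIZE;
    memcpy(hdr, buf, ICMP_HDR_LEN);
    *payload_len = len - ICMP_HDR_LEN;
    return 0;
}

int main(void)
{
    /* Constructed sample messages: one complete, one truncated to 4 bytes. */
    const uint8_t full[12]     = {8, 0, 0, 0, 0x12, 0x34, 0, 1, 'a', 'b', 'c', 'd'};
    const uint8_t truncated[4] = {8, 0, 0, 0};
    struct icmp_hdr_model hdr;
    size_t plen = 0;

    printf("full:      %d\n", icmp_hdr_from_user(full, sizeof full, &hdr, &plen));
    printf("truncated: %d\n", icmp_hdr_from_user(truncated, sizeof truncated, &hdr, &plen));
    return 0;
}
```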
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1403834]
Statement: This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and is planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue doesn't affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 7 and MRG-2.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0817 https://rhn.redhat.com/errata/RHSA-2017-0817.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Via RHSA-2017:0869 https://access.redhat.com/errata/RHSA-2017:0869
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2930
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:2931