Vigil@nce - Linux kernel: NULL pointer dereference via rds_ib_laddr_check
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can dereference a NULL pointer in the
rds_ib_laddr_check() function of the Linux kernel, in order to
trigger a denial of service.
Impacted products: Linux
Severity: 1/4
Creation date: 21/03/2014
DESCRIPTION OF THE VULNERABILITY
The RDS (Reliable Datagram Sockets) protocol is used to transmit
data in a non connected mode. It is supported by kernels since
version 2.6.30.
However, the rds_ib_laddr_check() function does not check if a
pointer is NULL, before using it.
A local attacker can therefore dereference a NULL pointer in the
rds_ib_laddr_check() function of the Linux kernel, in order to
trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-NULL-pointer-dereference-via-rds-ib-laddr-check-14457