Vigil@nce: Linux kernel, denial of service of inet6_hashtables
April 2009 by Vigil@nce
A local attacker can stop the system during the usage of a NULL
pointer in inet6_hashtables.c.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 23/04/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The __inet6_check_established() function of the
net/ipv6/inet6_hashtables.c file checks if a IPv6/TCP socket is in
the ESTABLISHED state.
When the socket is not in the TIME-WAIT state, a pointer is set to
NULL. However, this pointer is then used to update statistics when
the last parameter of the function is not NULL.
A NULL pointer is thus dereferenced is some cases, which stops the
system. The exact attack method is unknown.
A local attacker can therefore stop the system during the usage of
a NULL pointer in inet6_hashtables.c.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8665
– Url: http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-of-inet6-hashtables-8665
To change your email preferences (frequency, severity threshold, format):
https://vigilance.fr/?action=2041549901&langue=2