CVE-2010-3880

Priority
Description
net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not
properly audit INET_DIAG bytecode, which allows local users to cause a
denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE
instructions in a netlink message that contains multiple attribute
elements, as demonstrated by INET_DIAG_BC_JMP instructions.
Ubuntu-Description
Nelson Elhage discovered that the Linux kernel IPv4 implementation did not
properly audit certain bytecodes in netlink messages. A local attacker
could exploit this to cause the kernel to hang, leading to a denial of
service.
Package
Upstream: released (2.6.37~rc2)

Updated: 2019-01-14 21:54:39 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)