Vigil@nce - Linux kernel: NULL pointer dereference via rds_ib_laddr_check
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can dereference a NULL pointer in the
rds_ib_laddr_check() function of the Linux kernel, in order to
trigger a denial of service.
– Impacted products: Linux
– Severity: 1/4
– Creation date: 01/04/2014
DESCRIPTION OF THE VULNERABILITY
The RDS (Reliable Datagram Sockets) protocol is used to transmit
data in a non connected mode. It is supported by kernels since
version 2.6.30.
However, the rds_ib_laddr_check() function does not check if a
pointer is NULL, before using it.
A local attacker can therefore dereference a NULL pointer in the
rds_ib_laddr_check() function of the Linux kernel, in order to
trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-NULL-pointer-dereference-via-rds-ib-laddr-check-14506