First published: Fri Apr 11 2014(Updated: )
A flaw was found in the way ping_init_sock() function handled group_info struct reference counter. Since group_info refcounter is only incremented but never decremented in this codepath, it could lead to refcounter overflow and possibly to use-after-free issue later. An unprivileged local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Upstream patch proposal: <a href="https://lkml.org/lkml/2014/4/10/736">https://lkml.org/lkml/2014/4/10/736</a>
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <=3.14.1 | |
Debian Debian Linux | =7.0 | |
Linux Linux kernel | >=3.0<3.2.60 | |
Linux Linux kernel | >=3.3<3.4.92 | |
Linux Linux kernel | >=3.5<3.10.41 | |
Linux Linux kernel | >=3.11<3.12.19 | |
Linux Linux kernel | >=3.13<3.14.5 | |
Linux Linux kernel | =3.0-rc1 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.