First published: Thu Oct 29 2015
A NULL pointer dereference was found in the RDS connection code in net/rds/connection.c, triggered when sending a message to an apparently unbound socket. The problem is caused by rds_sendmsg(), which checks whether the socket is bound by reading the rs_bound_addr field without taking a lock on the socket. This opens a race window in rds_bind() where rs_bound_addr is temporarily set but the transport is not, leading to a NULL pointer dereference when 'trans' is dereferenced in __rds_conn_create().

Note that this is a complete fix of the [CVE-2015-6937](https://access.redhat.com/security/cve/CVE-2015-6937) issue.

Patch can be found here: https://lkml.org/lkml/2015/10/16/530

CVE assignment: http://seclists.org/oss-sec/2015/q4/179

Workaround: The Linux kernel will attempt to automatically load the RDS module when the RDS protocol is used from userspace. The module can be prevented from being loaded with the commands:

```
echo "install rds /bin/true" > /etc/modprobe.d/disable-rds
echo "alias net-pf-28 off" >> /etc/modprobe.d/disable-rds
```

On earlier versions of Red Hat Enterprise Linux, the module can be disabled with the instructions here: https://access.redhat.com/solutions/41278

If the module is already loaded prior to this, it must be removed or the system must be rebooted to prevent it loading in the future.
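An added example, not from the original advisory or from Red Hat: a shell audit for the workaround above that reports whether both modprobe lines are present and whether `rds` is already loaded. It also flags lines that sit in a file without a `.conf` suffix, because kmod's modprobe.d(5) reads only `*.conf` files; the function names and output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit the RDS module workaround. Function names are illustrative.
INSTALL_RE='^[[:space:]]*install[[:space:]]+rds[[:space:]]+/bin/true[[:space:]]*$'
ALIAS_RE='^[[:space:]]*alias[[:space:]]+net-pf-28[[:space:]]+off[[:space:]]*$'

# has_both FILE...: succeed only if both workaround lines occur in the given files.
has_both() {
    grep -Eqs "$INSTALL_RE" "$@" || return 1
    grep -Eqs "$ALIAS_RE" "$@"
}

# rds_config_state [DIR]: print one of
#   blocked                 both lines found in *.conf files
#   ignored-no-conf-suffix  both lines found, but only in files kmod does not read
#   not-blocked             one or both lines missing
rds_config_state() {
    dir=${1:-/etc/modprobe.d}
    if has_both "$dir"/*.conf; then
        echo blocked
    elif has_both "$dir"/*; then
        echo ignored-no-conf-suffix
    else
        echo not-blocked
    fi
}

# rds_loaded [FILE]: succeed if the rds module itself is listed (FILE is in
# /proc/modules format, where the module name is the first field).
rds_loaded() {
    grep -Eq '^rds[[:space:]]' "${1:-/proc/modules}"
}

# rds_audit [DIR] [FILE]: print a one-line summary; succeed only when the
# configuration blocks loading AND the module is not currently loaded.
rds_audit() {
    state=$(rds_config_state "${1:-/etc/modprobe.d}")
    if rds_loaded "${2:-/proc/modules}"; then loaded=yes; else loaded=no; fi
    echo "config=$state loaded=$loaded"
    [ "$state" = blocked ] && [ "$loaded" = no ]
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then rds_audit; fi
```

A result of `loaded=yes` corresponds to the advisory's last point: the module must still be removed or the system rebooted.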
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Linux | | |
The severity of REDHAT-BUG-1276437 is classified as high due to the potential for a NULL pointer dereference.
To fix REDHAT-BUG-1276437, you should apply the latest updates from Red Hat that address this vulnerability in the Linux Kernel.
REDHAT-BUG-1276437 affects certain versions of the Red Hat Linux Kernel that utilize the RDS connection code.
The cause of the vulnerability REDHAT-BUG-1276437 is a NULL pointer dereference when sending messages to an unbound socket.
A possible workaround for REDHAT-BUG-1276437 is to avoid using RDS connections that interact with unbound sockets until the patch is applied.