REDHAT-BUG-979936

First published: Mon Jul 01 2013(Updated: )

Linux kernel is found to be vulnerable to a denial of service and/or possible code execution flaw caused by invalid free while sending message with sendmsg(2) call with IP_RETOPTS socket option set. This option is set to pass unprocessed IP options along with timestamps to a user via IP_OPTIONS control message. An unprivileged user/program could use this flaw to crash the system resulting in DoS or possibly gain root privileges via arbitrary code execution. Reference: ---------- -&gt; <a href="http://www.openwall.com/lists/oss-security/2013/06/30/1">http://www.openwall.com/lists/oss-security/2013/06/30/1</a> This issue was introduced via Red Hat Enterprise Linux specific patch for <a href="https://access.redhat.com/security/cve/CVE-2012-3552">CVE-2012-3552</a>.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/first-publish-date
• agent/last-modified-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2013-2224
• agent/severity
• agent/description
• agent/event
• agent/trending
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/red hat
• canonical/red hat enterprise linux
• vendor/linux
• canonical/linux kernel