    Denial of Service Vulnerability in Linux Kernel cma_req_handler() function


    Severity Rating: Medium

    Systems Affected
    • Linux kernel prior to 3.14.1 till 3.14.x

    Overview
    A vulnerability has been reported in the Linux kernel which could allow a remote attacker to cause an incorrect pointer dereference and system crash, leading to denial of service conditions.

    Description

    This vulnerability exists in the cma_req_handler() function in drivers/infiniband/core/cma.c due to an invalid memory access. A remote attacker could exploit this vulnerability while trying to resolve an RDMA over Converged Ethernet (RoCE) L2 address on the server side. Successful exploitation could allow the attacker to crash the kernel, resulting in denial of service conditions.

    Solution
    Apply appropriate patches as mentioned in the following links:

    http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867



    Vendor Information
    Kernel.org
    http://www.kernel.org

    References
    Openwall
    http://www.openwall.com/lists/oss-security/2014/04/10/9

    RedHat
    https://bugzilla.redhat.com/show_bug.cgi?id=1085415