Wind River Support Network


LIN4-23104 : Security Advisory - Linux - CVE-2011-2213

Created: Sep 8, 2011    Updated: May 18, 2015
Resolved Date: Oct 25, 2011
Previous ID: LIN3-15530
Found In Version: 4.0
Fix Version: 4.2
Severity: Severe
Applicable for: Wind River Linux 4
Component/s: Userspace


The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

Steps to Reproduce


Other Downloads

Live chat