[CVE-2014-2851] Integer overflow in the ping_init_sock function
Andy Whitcroft
apw at canonical.com
Fri Apr 25 12:30:36 UTC 2014
CVE-2014-2851
Integer overflow in the ping_init_sock function in net/ipv4/ping.c
in the Linux kernel through 3.14.1 allows local users to cause a
denial of service (use-after-free and system crash) or possibly
gain privileges via a crafted application that leverages an
improperly managed reference counter.
Following this email are 4 patches for precise, quantal,
lts-backport-raring, and saucy/trusty. Utopic is already fixed via
upstream.
The patches for lts-backport-raring and saucy/trusty are simple
cherry-picks though they do differ in context. The other two are simple
backports over some namespace uid/gid handling changes.
These have been build tested.
Proposing SRU to precise, quantal, precise/lts-backport-raring, saucy, and
trusty.
-apw
More information about the kernel-team
mailing list