oss-security - CVE-2009-4272 kernel: emergency route cache flushing leads to node deadlock

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <4B566C5A.8030503@kernel.sg>
Date: Wed, 20 Jan 2010 10:37:14 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2009-4272 kernel: emergency route cache flushing leads to node
 deadlock

Reported by the Parallels Virtuozzo Containers team.

If an attacker was able to cause a large enough number of collisions in 
the routing hash table (via specially-crafted packets) for the emergency 
route flush to trigger, a deadlock could occur, or if the kernel routing 
cache was disabled, an uninitialized pointer would be left behind after 
a route lookup, leading to a NULL pointer dereference. Both caused by 
the same issue.

Introduced via:
c6153b5b77650879d78dec76414213c76dd8d574 v2.6.27-rc4~39^2~41
1080d709fb9d8cd4392f93476ee46a9d6ea05a5b v2.6.29-rc1~581^2~973

Patches:
https://bugzilla.redhat.com/show_bug.cgi?id=545411#c6
https://bugzilla.redhat.com/show_bug.cgi?id=545411#c15

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=545411

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.