Note:
This project will be discontinued after December 13, 2021.
2018-10-22
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add (called from setsockopt) and bind on an AF_PACKET socket. This issue exists because the fix in commit 15fe076edea787807a7cdc168df832544b58eba6 for a race condition was incomplete. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
Products | Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform, Virtualization_host |
Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362); Use After Free (CWE-416) |
First patch | - None (likely due to unavailable code) |
Links |
• https://access.redhat.com/errata/RHSA-2019:1170
• https://access.redhat.com/errata/RHSA-2019:0163
• https://access.redhat.com/errata/RHSA-2019:1190
• https://blogs.securiteam.com/index.php/archives/3731
• https://access.redhat.com/errata/RHSA-2019:0188 |