** Changed in: linux (Ubuntu Maverick) Status: In Progress => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Oneiric) Status: Confirmed => Fix Committed ** Changed in: linux-ti-omap4 (Ubuntu Natty) Status: Confirmed => Fix Committed ** Changed in: linux-fsl-imx51 (Ubuntu Lucid) Status: In Progress => Fix Committed ** Description changed: + The bcm_release function in net/can/bcm.c in the Linux kernel before + 2.6.39-rc6 does not properly validate a socket data structure, which + allows local users to cause a denial of service (NULL pointer + dereference) or possibly have unspecified other impact via a crafted + release operation. + Fixed-by: c6914a6f261aca0c9f715f883a353ae7ff51fe83 - - commit c6914a6f261aca0c9f715f883a353ae7ff51fe83 - Author: Dave Jones <da...@redhat.com> - Date: Tue Apr 19 20:36:59 2011 -0700 - - can: Add missing socket check in can/bcm release. - - We can get here with a NULL socket argument passed from userspace, - so we need to handle it accordingly. - - Signed-off-by: Dave Jones <da...@redhat.com> - Signed-off-by: David S. Miller <da...@davemloft.net> -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/796502 Title: CVE-2011-1598 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796502/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs