CVE-2013-0290
Published: 19 February 2013
The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.
From the Ubuntu security team
Tommi Rantala discovered a flaw in the a flaw the Linux kernels handling of datagrams packets when the MSG_PEEK flag is specified. An unprivileged local user could exploit this flaw to cause a denial of service (system hang).
Priority
Status
Notes
Author | Note |
---|---|
apw | This was introduced by the change in this commit: 3f518bf745cbd6007d8069100fb9cb09e960c872 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0290
- http://www.openwall.com/lists/oss-security/2013/02/14
- https://ubuntu.com/security/notices/USN-1768-1
- https://ubuntu.com/security/notices/USN-1769-1
- https://ubuntu.com/security/notices/USN-1774-1
- NVD
- Launchpad
- Debian