|Bugzilla:||512284: CVE-2009-1897 kernel: tun/tap: Fix crashes if open() /dev/net/tun and then poll() it|
The MITRE CVE dictionary describes this issue as:
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 18.104.22.168, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
Red Hat is aware of this issue and is tracking it via the following bug:
The flaw only affects the Red Hat Enterprise Linux 5.4 beta kernel, which includes a backport of the upstream bug fix introducing this flaw (git commit 33dccbb0). This issue did not affect the final released Red Hat Enterprise Linux 5.4 kernel. It is also possible to mitigate this flaw by ensuring that the permissions for /dev/net/tun is restricted to root only.
This issue does not affect any other released kernel in any Red Hat product.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.