CVE-2013-1826 Kernel: xfrm_user: return error pointer instead of NULL

Solution Unverified - Updated -

Issue

Linux kernel built with XFRM framework support is vulnerable to a NULL pointer dereference flaw. It occurs while accessing FRM state via xfrm_state_netlink routine.

A privileged (CAP_NET_ADMIN) user/program could use this flaw to crash systems, resulting in DoS.

Environment

  • This issue affects Red Hat Enterprise Linux (RHEL) 5 and 6.

  • This issue does not affect Red Hat Enterprise MRG 2.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In