In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold(). Fix the index to use i.
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: rose: corrige índice de array inválido en rose_kill_by_device() rose_kill_by_device() recopila sockets en un array[] local y luego itera sobre ellos para desconectar los sockets vinculados a un dispositivo que está siendo dado de baja. El bucle indexa erróneamente array[cnt] en lugar de array[i]. Para cnt < ARRAY_SIZE(array), esto lee una entrada no inicializada; para cnt == ARRAY_SIZE(array), es una lectura fuera de límites. Cualquiera de los dos casos puede llevar a una desreferenciación de puntero de socket inválida y también filtra referencias tomadas a través de sock_hold(). Corrige el índice para usar i.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-129
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc336080> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc336d80> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd67e340> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bddae7200> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc337b40> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc336040> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd67edc0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd67ce40> | Operating System |
| linux | linux_kernel | 6.7 | <built-in method update of dict object at 0x702bdd67da40> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bfc335c00> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bdcc5b600> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bfc1de540> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bfc335480> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702b8344e800> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bdd2f0600> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702b8344f700> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702b8344e2c0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:* |