Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:sysctl: Fix out of bounds access for empty sysctl registersWhen registering tables to the sysctl subsystem there is a check to seeif header is a permanently empty directory (used for mounts). This checkevaluates the first element of the ctl_table. This results in an out ofbounds evaluation when registering empty directories.The function register_sysctl_mount_point now passes a ctl_table of size1 instead of size 0. It now relies solely on the type to identifya permanently empty register.Make sure that the ctl_table has at least one element before testing forpermanent emptiness.
No PoCs from references.
- https://github.com/robertsirc/sle-bci-demo