openSUSE kernel sources : patching against sock_sendpage() NULL Pointer Dereference vulnerability

I am using the 2.6.30 kernel sources from Kernel:linux-next and noticed that it has not yet been patched against the ‘sock_sendpage()’ NULL Pointer Dereference vulnerability.

The threat is serious as it could allow a local user to gain root privileges.

Those who compile their own 2.6.x kernel should apply this patch (from Linus, check there for more info).

Within your kernel source folder:

$ patch -u -p0 < sock_sendpage.patch

I hope an official patch will be released soon for all kernels. I did not check if the 11.1 kernel has already been patched or not.

2 thoughts on “openSUSE kernel sources : patching against sock_sendpage() NULL Pointer Dereference vulnerability”

  1. BenderBendingRodriguez

    Ehhh, what is this hubbub all about?? If there is anyone with local access to your PC, then if he knew how to use that vulnerability he’d also know how to get root privileges without it (GRUB /bin/sh etc.)

    I’d care more about remote code executions.

  2. JC Post author

    @BenderBendingRodriguez :
    No, local access does not only mean physical access. I have some servers accessed by technicians with SSH, where they use their own local account (not root).
    They would be able to grab an exploit and use it to gain root access, which I don’t want.
