The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: NULL pointer dereference via rds_ib_laddr_check

Synthesis of the vulnerability 

A local attacker can dereference a NULL pointer in the rds_ib_laddr_check() function of the Linux kernel, in order to trigger a denial of service.
Impacted software: Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this computer vulnerability: 1/4.
Creation date: 01/04/2014.
Références of this announce: CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CERTFR-2014-AVI-333, CVE-2014-2678, FEDORA-2014-4844, FEDORA-2014-4849, MDVSA-2014:124, openSUSE-SU-2014:0766-1, openSUSE-SU-2014:0840-1, openSUSE-SU-2014:0856-1, RHSA-2014:0557-01, RHSA-2014:0926-01, RHSA-2014:0981-01, RHSA-2014:1101-01, SUSE-SU-2014:0696-1, SUSE-SU-2014:0807-1, SUSE-SU-2014:0908-1, SUSE-SU-2014:0909-1, SUSE-SU-2014:0910-1, SUSE-SU-2014:0911-1, SUSE-SU-2014:0912-1, USN-2219-1, USN-2220-1, USN-2221-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2227-1, USN-2228-1, VIGILANCE-VUL-14506.

Description of the vulnerability 

The RDS (Reliable Datagram Sockets) protocol is used to transmit data in a non connected mode. It is supported by kernels since version 2.6.30.

However, the rds_ib_laddr_check() function does not check if a pointer is NULL, before using it.

A local attacker can therefore dereference a NULL pointer in the rds_ib_laddr_check() function of the Linux kernel, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security threat impacts software or systems such as Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this computer weakness note is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this computer threat alert.

Solutions for this threat 

Linux kernel: version 3.14.1.
The version 3.14.1 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.13.10.
The version 3.13.10 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.12.18.
The version 3.12.18 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.10.37.
The version 3.10.37 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.4.88.
The version 3.4.88 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: patch for rds_ib_laddr_check.
A patch is available in information sources.

Fedora 19: new kernel packages.
New packages are available:
  Fedora 19: kernel 3.13.9-100.fc19

Fedora 20: new kernel packages.
New packages are available:
  Fedora 20: kernel 3.13.9-200.fc20

Mandriva BS: new kernel packages.
New packages are available:
  Mandriva BS1: kernel 3.4.93-1.1.mbs1

openSUSE 11.4: new kernel packages (06/06/2014).
New packages are available:
  openSUSE 11.4: kernel 3.0.101-83.1

openSUSE 12.3: new kernel packages.
New packages are available:
  openSUSE 12.3: kernel 3.7.10-1.36.1

openSUSE 13.1: new kernel packages.
New packages are available:
  openSUSE 13.1: kernel 3.11.10-17.2

Red Hat Enterprise MRG 2.5: new kernel-rt packages.
New packages are available:
  RHEL 6: kernel-rt 3.10.33-rt32.34.el6rt

RHEL 5: new kernel packages.
New packages are available:
  RHEL 5: kernel 2.6.18-371.11.1.el5

RHEL 6.4: new kernel packages.
New packages are available:
  RHEL 6: kernel 2.6.32-358.48.1.el6

RHEL 6: new kernel packages.
New packages are available:
  RHEL 6: kernel 2.6.32-431.23.3.el6

SUSE LE 11: new kernel packages (17/07/2014).
New packages are available:
  SUSE LE 11: kernel 3.0.101-0.35.1

SUSE LE 11 SP1: new kernel packages (18/06/2014).
New packages are available:
  SUSE LE 11: kernel 2.6.32.59-0.13.1

SUSE LE 11 SP2: new kernel packages (22/05/2014).
New packages are available:
  SUSE LE 11: kernel default-3.0.101-0.7.19.1

SUSE LE RT 11: new kernel-rt packages.
New packages are available:
  SUSE LE 11: kernel-rt 3.0.101.rt130-0.24.1

Ubuntu 10.04 LTS: new linux-image-2.6.32-364-ec2 packages.
New packages are available:
  Ubuntu 10.04 LTS: linux-image-2.6.32-364-ec2 2.6.32-364.77

Ubuntu 10.04 LTS: new linux-image-2.6.32-60-generic packages.
New packages are available:
  Ubuntu 10.04 LTS: linux-image-2.6.32-60-generic 2.6.32-60.122

Ubuntu 12.04 LTS: new linux-image-3.11.0-22-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.11.0-22-generic 3.11.0-22.38~precise1

Ubuntu 12.04 LTS: new linux-image-3.2.0-1446-omap4 packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.2.0-1446-omap4 3.2.0-1446.65

Ubuntu 12.04 LTS: new linux-image-3.2.0-63-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.2.0-63-generic 3.2.0-63.95

Ubuntu 12.04 LTS: new linux-image-3.5.0-51-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.5.0-51-generic 3.5.0-51.76~precise1

Ubuntu 12.04 LTS: new linux-image-3.8.0-41-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.8.0-41-generic 3.8.0-41.60~precise1

Ubuntu 13.10: new linux-image-3.11.0-22-generic packages.
New packages are available:
  Ubuntu 13.10: linux-image-3.11.0-22-generic 3.11.0-22.38
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides networks vulnerabilities alerts. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.