CVE-2010-3880

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	2.6.37 (excluding)
Linux_kernel	Linux	2.6.37 (including)	2.6.37 (including)
Linux_kernel	Linux	2.6.37-rc1 (including)	2.6.37-rc1 (including)

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=22e76c849d505d87c5ecf3d3e6742a65f0ff4860
http://openwall.com/lists/oss-security/2010/11/04/9
http://openwall.com/lists/oss-security/2010/11/05/3
http://secunia.com/advisories/42126
http://secunia.com/advisories/42789
http://secunia.com/advisories/42890
http://secunia.com/advisories/46397
http://www.debian.org/security/2010/dsa-2126
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.redhat.com/support/errata/RHSA-2011-0004.html
http://www.redhat.com/support/errata/RHSA-2011-0007.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/44665
http://www.spinics.net/lists/netdev/msg145899.html
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vupen.com/english/advisories/2011/0024
https://bugzilla.redhat.com/show_bug.cgi?id=651264

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3880
CWE	https://cwe.mitre.org/data/definitions/835.html

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References