ALAS-2012-083 --- kernelID: oval:org.secpod.oval:def:1601355 | Date: (C)2020-11-27 (M)2023-10-18 |
Class: PATCH | Family: unix |
It was found that the data_len parameter of the sock_alloc_send_pskb function in the Linux kernel"s networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access
Platform: |
Amazon Linux AMI |