Linux Kernel 3.13.6 ath_tx_aggr_sleep() Local DoS

2014-03-30 / 2014-03-31
Risk: Medium
Local: Yes
Remote: No
CWE: N/A

I don't see a cve assigned for the following: 1) https://secunia.com/advisories/57468/ : A vulnerability has been reported in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a race condition error in the "ath_tx_aggr_sleep()" function (drivers/net/wireless/ath/ath9k/xmit.c), which can be exploited to cause a crash. The vulnerability is reported in versions prior to 3.12.15 and prior to 3.13.7. Solution: Update to version 3.12.15 or 3.13.7. Provided and/or discovered by: Max Sydorenko within a bug report. Original Advisory: Kernel: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 Max Sydorenko: https://bugzilla.kernel.org/show_bug.cgi?id=70551 2) https://secunia.com/advisories/57436/ : Description A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "arch_dup_task_struct()" function (arch/powerpc/kernel/process.c) and can be exploited to cause a crash via a specially crafted instruction sequence. Note: This only affects systems running on PowerPC. The vulnerability is reported in versions prior to 3.12.15 and 3.13.7. Solution: Update to version 3.12.15 or 3.13.7. Provided and/or discovered by: The vendor credits Adhemerval Zanella Neto. Original Advisory: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 -- Agostino Sarubbo

References:

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
https://bugzilla.kernel.org/show_bug.cgi?id=70551


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top