Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability

Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability

References:

A brief note on the 2.6.30 kernel null pointer vulnerability (James Morris)
Linux kernel Homepage (kernel.org)
Oops in tun: bisected to Limit amount of queued packets per device (Christian Borntraeger)
Re: PROBLEM: tun/tap crashes if open() /dev/net/tun and then poll() it. (Mariusz Kozlowski)

Privacy Statement
Copyright 2010, SecurityFocus