VULHUB ™

An integer overflow vulnerability is reported in the Linux kernel 'ipv6_setsockopt()' system call. This issue is related to the code for handling the IPV6_PKTOPTIONS socket option, which is used to provide the kernel with IPv6 options for a designation socket. This issue may be exploited by a local user to compromise the system. Exploitation could also result in a denial of service. It should be noted that this type of vulnerability might provide a generic means of privilege escalation across Linux distributions once a remote attacker has gained unauthorized access as a lower privileged user. **Update: Conflicting reports suggest that this issue is not in fact a vulnerability. It is reported that the 'optlen' value is sanitized in 'linux/net/socket.c' before reaching the code that is reported vulnerable.

An integer overflow vulnerability is reported in the Linux kernel 'ipv6_setsockopt()' system call. This issue is related to the code for handling the IPV6_PKTOPTIONS socket option, which is used to provide the kernel with IPv6 options for a designation socket. This issue may be exploited by a local user to compromise the system. Exploitation could also result in a denial of service. It should be noted that this type of vulnerability might provide a generic means of privilege escalation across Linux distributions once a remote attacker has gained unauthorized access as a lower privileged user. **Update: Conflicting reports suggest that this issue is not in fact a vulnerability. It is reported that the 'optlen' value is sanitized in 'linux/net/socket.c' before reaching the code that is reported vulnerable.