oss-sec mailing list archives
Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL
From: akuster <akuster () mvista com>
Date: Tue, 29 Jun 2010 05:53:05 -1000
Eugene, Thanks for the info. Unfortunately it does affect a few MontaVista kernels. Is it possible to get a CVE for this? Mahalo, Armin On 06/28/2010 04:10 PM, Eugene Teo wrote:
FYI, "On a 32-bit machine, info.rule_cnt >= 0x40000000 leads to integer overflow and the buffer may be smaller than needed. Since ETHTOOL_GRXCLSRLALL is unprivileged, this can presumably be used for at least denial of service." This was introduced in v2.6.27-rc1 via upstream commit 0853ad66. Also see commit 59089d8d. Reference: http://thread.gmane.org/gmane.linux.network/164869 https://bugzilla.redhat.com/show_bug.cgi?id=608950 I'm not requesting a CVE name for this as it did not affect any of our Red Hat supported Linux kernels. Thanks, Eugene
Current thread:
- kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Eugene Teo (Jun 28)
- Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL akuster (Jun 29)
- CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Eugene Teo (Jun 29)
- Re: CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Josh Bressers (Jun 30)
- CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL Eugene Teo (Jun 29)
- Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL akuster (Jun 29)