oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL

From: Eugene Teo <eugeneteo () kernel sg>
Date: Tue, 29 Jun 2010 10:10:21 +0800
FYI, "On a 32-bit machine, info.rule_cnt >= 0x40000000 leads to integer overflow and the buffer may be smaller than needed. Since ETHTOOL_GRXCLSRLALL is unprivileged, this can presumably be used for at least denial of service." This was introduced in v2.6.27-rc1 via upstream commit 0853ad66. Also see commit 59089d8d. 

Reference:
http://thread.gmane.org/gmane.linux.network/164869
https://bugzilla.redhat.com/show_bug.cgi?id=608950
I'm not requesting a CVE name for this as it did not affect any of our Red Hat supported Linux kernels. 

Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Previous By Date Next
Previous By Thread Next

Current thread: