Re: CVE Request: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL

[Josh Bressers <bressers () redhat com>]

Please use CVE-2010-2478

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo () kernel sg> wrote:

> On 06/29/2010 11:53 PM, akuster wrote:
> > Eugene,
> >
> > Thanks for the info. Unfortunately it does affect a few MontaVista
> > kernels. Is it possible to get a CVE for this?
>
> I edited the $SUBJECT :)
>
> Eugene
>
> > On 06/28/2010 04:10 PM, Eugene Teo wrote:
> > > FYI, "On a 32-bit machine, info.rule_cnt>= 0x40000000 leads to
> integer
> > > overflow and the buffer may be smaller than needed.  Since
> > > ETHTOOL_GRXCLSRLALL is unprivileged, this can presumably be used
> for at
> > > least denial of service." This was introduced in v2.6.27-rc1 via
> > > upstream commit 0853ad66. Also see commit 59089d8d.
> > >
> > > Reference:
> > > http://thread.gmane.org/gmane.linux.network/164869
> > > https://bugzilla.redhat.com/show_bug.cgi?id=608950
> > >
> > > I'm not requesting a CVE name for this as it did not affect any of
> our
> > > Red Hat supported Linux kernels.
> > >
> > > Thanks, Eugene
>
>
> -- 
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i);
> }