oss-sec mailing list archives
Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit
From: Eugene Teo <eugeneteo () kernel sg>
Date: Sun, 04 Jul 2010 22:48:09 +0800
On 07/04/2010 07:13 PM, Moritz Muehlenhoff wrote:
On Wed, Jun 23, 2010 at 11:43:51AM +0800, Eugene Teo wrote:"When transmitting L2TP frames, we derive the outgoing interface's UDP checksum hardware assist capabilities from the tunnel dst dev. This can sometimes be NULL, especially when routing protocols are used and routing changes occur. This patch just checks for NULL dst or dev pointers when checking for netdev hardware assist features. BUG: unable to handle kernel NULL pointer dereference at 0000000c IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp] *pde = 00000000 Oops: 0000 [#1] SMP last sysfs file: /sys/class/net/lo/operstate [...]" Introduced in ffcebb16 (v2.6.29-rc1~581), fixed in 3feec909 (fixed in v2.6.34-rc2). (It was later split into different files in commit fd558d18 v2.6.35-rc1). I'm not requesting a CVE name for this because it did not affect any of our supported kernels. FYI.Steve, please assign a CVE ID for this.
cc'ed coley () linus mitre org. Please change the subject as well so that we know this needs a CVE name. Thanks, Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- Re: kernel: l2tp: Fix oops in pppol2tp_xmit Moritz Muehlenhoff (Jul 04)
- Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit Eugene Teo (Jul 04)
- <Possible follow-ups>
- Re: kernel: l2tp: Fix oops in pppol2tp_xmit Josh Bressers (Jul 06)