oss-sec mailing list archives
CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse
From: Eugene Teo <eugene () redhat com>
Date: Mon, 28 Mar 2011 10:46:33 +0800
https://bugzilla.redhat.com/CVE-2011-1478There is an issue in the core GRO code where an skb belonging to an unknown VLAN is reused as we don't reset skb->dev in the reuse case. This could result in a NULL pointer dereference.
6d152e23ad1a7a5b40fef1f42e017d66e6115159 gro: reset skb_iif on reuse 66c46d741e2e60f0e8b625b80edb0ab820c46d7a gro: Reset dev pointer on reuse Thanks, Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse Eugene Teo (Mar 27)