[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] kernel: l2tp: Fix oops in pppol2tp_xmit
From: Eugene Teo <eugeneteo () kernel ! sg>
Date: 2010-06-23 3:43:51
Message-ID: 4C2182F7.5040700 () kernel ! sg
[Download RAW message or body]
"When transmitting L2TP frames, we derive the outgoing interface's UDP
checksum hardware assist capabilities from the tunnel dst dev. This can
sometimes be NULL, especially when routing protocols are used and
routing changes occur. This patch just checks for NULL dst or dev
pointers when checking for netdev hardware assist features.
BUG: unable to handle kernel NULL pointer dereference at 0000000c
IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp]
*pde = 00000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/class/net/lo/operstate
[...]"
Introduced in ffcebb16 (v2.6.29-rc1~581), fixed in 3feec909 (fixed in
v2.6.34-rc2). (It was later split into different files in commit
fd558d18 v2.6.35-rc1).
I'm not requesting a CVE name for this because it did not affect any of
our supported kernels. FYI.
Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic