
List:       oss-security
Subject:    Re: [oss-security] kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL
From:       akuster <akuster () mvista ! com>
Date:       2010-06-29 15:53:05
Message-ID: 4C2A16E1.4040101 () mvista ! com

Eugene,

Thanks for the info. Unfortunately it does affect a few MontaVista
kernels. Is it possible to get a CVE for this?

Mahalo,
Armin

On 06/28/2010 04:10 PM, Eugene Teo wrote:
> FYI, "On a 32-bit machine, info.rule_cnt >= 0x40000000 leads to integer
> overflow and the buffer may be smaller than needed.  Since
> ETHTOOL_GRXCLSRLALL is unprivileged, this can presumably be used for at
> least denial of service." This was introduced in v2.6.27-rc1 via
> upstream commit 0853ad66. Also see commit 59089d8d.
> 
> Reference:
> http://thread.gmane.org/gmane.linux.network/164869
> https://bugzilla.redhat.com/show_bug.cgi?id=608950
> 
> I'm not requesting a CVE name for this as it did not affect any of our
> Red Hat supported Linux kernels.
> 
> Thanks, Eugene
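
The size wraparound described in the quoted report, as an added example that is not part of the original message or the kernel source. It models a 32-bit size computation with uint32_t and assumes 4-byte entries, inferred from the 0x40000000 threshold in the report; all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: each rule entry is 4 bytes, inferred from the 0x40000000
 * threshold quoted in the message (0x40000000 * 4 == 2^32). */
#define ENTRY_SIZE 4u

/* Unchecked size computation as it behaves where sizes are 32 bits wide:
 * the product is truncated modulo 2^32. */
static uint32_t unchecked_size32(uint32_t rule_cnt)
{
    return rule_cnt * ENTRY_SIZE;
}

/* Bytes actually needed for rule_cnt entries, computed in 64 bits. */
static uint64_t bytes_needed(uint32_t rule_cnt)
{
    return (uint64_t)rule_cnt * ENTRY_SIZE;
}

/* Checked form: reject counts whose byte size does not fit in 32 bits.
 * Returns 0 and stores the size on success, -1 on overflow. */
static int checked_size32(uint32_t rule_cnt, uint32_t *out)
{
    if (rule_cnt > UINT32_MAX / ENTRY_SIZE)
        return -1;
    *out = rule_cnt * ENTRY_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed sample counts around the boundary from the message. */
    const uint32_t samples[] = { 16, 0x3fffffffu, 0x40000000u, 0x40000001u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t cnt = samples[i], sz = 0;
        int rc = checked_size32(cnt, &sz);

        printf("rule_cnt=0x%08x unchecked=%u needed=%llu checked=%s\n",
               (unsigned)cnt, (unsigned)unchecked_size32(cnt),
               (unsigned long long)bytes_needed(cnt),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

At 0x40000000 the unchecked size is 0 while 4 GiB would be needed, which is the undersized-buffer condition; the checked form rejects every count from that value upward.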