Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4EC9C65D.3040803@redhat.com>
Date: Mon, 21 Nov 2011 11:32:45 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0

This can be triggered by setting up a bridge over vlan, and running pktgen.

Reference:
https://bugzilla.redhat.com/CVE-2011-4112

Upstream commits:
After the last patch, We are left in a state in which only drivers
calling ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers
touching real hardware call ether_setup for their net_devices and don't
hold any state in their skbs.  There are a handful of drivers that
violate this assumption of course, and need to be fixed up.  This patch
identifies those drivers, and marks them as not being able to support
the safe transmission of skbs by clearning the IFF_TX_SKB_SHARING flag
in priv_flags
http://git.kernel.org/linus/550fd08c2cebad61c548def135f67aba284c6162

Pktgen attempts to transmit shared skbs to net devices, which can't be
used by some drivers as they keep state information in skbs.  This patch
adds a flag marking drivers as being able to handle shared skbs in their
tx path.  Drivers are defaulted to being unable to do so, but calling
ether_setup enables this flag, as 90% of the drivers calling ether_setup
touch real hardware and can handle shared skbs.  A subsequent patch will
audit drivers to ensure that the flag is set properly
http://git.kernel.org/linus/d8873315065f1f527c7c380402cf59b1e1d0ae36

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.