Date: Wed, 2 Dec 2009 08:40:21 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: mac80211: fix two remote exploits ----- "Eugene Teo" <eugeneteo@...nel.sg> wrote: > http://git.kernel.org/linus/4253119acf412fd686ef4bd8749b5a4d70ea3a51 > > "Lennert Buytenhek noticed a remotely triggerable problem in mac80211, > > which is due to some code shuffling I did that ended up changing the > order in which things were done -- this was in > > commit d75636ef9c1af224f1097941879d5a8db7cd04e5 > Author: Johannes Berg <johannes@...solutions.net> > Date: Tue Feb 10 21:25:53 2009 +0100 > > mac80211: RX aggregation: clean up stop session > > The problem is that the BUG_ON moved before the various checks, and as > > such can be triggered. > > As the comment indicates, the BUG_ON can be removed since the > ampdu_action callback must already exist when the state is > OPERATIONAL. > > A similar code path leads to a WARN_ON in > ieee80211_stop_tx_ba_session, > which can also be removed." > > Btw, FYI, there's another issue that was also introduced by the same > code shuffling patch (commit d75636ef) but was fixed in another patch > > (commit 827d42c9). It was assigned with CVE-2009-4026. > Hi Eugene, I can't parse this. Can you help me understand. What are the two issues the subject speaks of? Is the "similar code path" paragraph of importance? Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ