Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 Dec 2009 08:40:21 -0500 (EST)
From: Josh Bressers <>
Cc: "Steven M. Christey" <>
Subject: Re: CVE request: kernel: mac80211: fix two remote

----- "Eugene Teo" <> wrote:

> "Lennert Buytenhek noticed a remotely triggerable problem in mac80211,
> which is due to some code shuffling I did that ended up changing the 
> order in which things were done -- this was in
>    commit d75636ef9c1af224f1097941879d5a8db7cd04e5
>    Author: Johannes Berg <>
>    Date:   Tue Feb 10 21:25:53 2009 +0100
>      mac80211: RX aggregation: clean up stop session
> The problem is that the BUG_ON moved before the various checks, and as
> such can be triggered.
> As the comment indicates, the BUG_ON can be removed since the 
> ampdu_action callback must already exist when the state is
> A similar code path leads to a WARN_ON in
> ieee80211_stop_tx_ba_session, 
> which can also be removed."
> Btw, FYI, there's another issue that was also introduced by the same 
> code shuffling patch (commit d75636ef) but was fixed in another patch
> (commit 827d42c9). It was assigned with CVE-2009-4026.

Hi Eugene,

I can't parse this. Can you help me understand.

What are the two issues the subject speaks of? Is the "similar code path"
paragraph of importance?



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ