Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 4 Jul 2010 13:13:05 +0200
From: Moritz Muehlenhoff <jmm@...til.org>
To: oss-security@...ts.openwall.com
Subject: Re: kernel: l2tp: Fix oops in pppol2tp_xmit

On Wed, Jun 23, 2010 at 11:43:51AM +0800, Eugene Teo wrote:
> "When transmitting L2TP frames, we derive the outgoing interface's
> UDP checksum hardware assist capabilities from the tunnel dst dev.
> This can sometimes be NULL, especially when routing protocols are
> used and routing changes occur. This patch just checks for NULL dst
> or dev pointers when checking for netdev hardware assist features.
> 
>     BUG: unable to handle kernel NULL pointer dereference at 0000000c
>     IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp]
>     *pde = 00000000
>     Oops: 0000 [#1] SMP
>     last sysfs file: /sys/class/net/lo/operstate
> [...]"
> 
> Introduced in ffcebb16 (v2.6.29-rc1~581), fixed in 3feec909 (fixed
> in v2.6.34-rc2). (It was later split into different files in commit
> fd558d18 v2.6.35-rc1).
> 
> I'm not requesting a CVE name for this because it did not affect any
> of our supported kernels. FYI.

Steve, please assign a CVE ID for this.

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ