Date: Sun, 4 Jul 2010 13:13:05 +0200 From: Moritz Muehlenhoff <jmm@...til.org> To: oss-security@...ts.openwall.com Subject: Re: kernel: l2tp: Fix oops in pppol2tp_xmit On Wed, Jun 23, 2010 at 11:43:51AM +0800, Eugene Teo wrote: > "When transmitting L2TP frames, we derive the outgoing interface's > UDP checksum hardware assist capabilities from the tunnel dst dev. > This can sometimes be NULL, especially when routing protocols are > used and routing changes occur. This patch just checks for NULL dst > or dev pointers when checking for netdev hardware assist features. > > BUG: unable to handle kernel NULL pointer dereference at 0000000c > IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp] > *pde = 00000000 > Oops: 0000 [#1] SMP > last sysfs file: /sys/class/net/lo/operstate > [...]" > > Introduced in ffcebb16 (v2.6.29-rc1~581), fixed in 3feec909 (fixed > in v2.6.34-rc2). (It was later split into different files in commit > fd558d18 v2.6.35-rc1). > > I'm not requesting a CVE name for this because it did not affect any > of our supported kernels. FYI. Steve, please assign a CVE ID for this. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.