Date: Mon, 21 Nov 2011 11:32:45 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0 This can be triggered by setting up a bridge over vlan, and running pktgen. Reference: https://bugzilla.redhat.com/CVE-2011-4112 Upstream commits: After the last patch, We are left in a state in which only drivers calling ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers touching real hardware call ether_setup for their net_devices and don't hold any state in their skbs. There are a handful of drivers that violate this assumption of course, and need to be fixed up. This patch identifies those drivers, and marks them as not being able to support the safe transmission of skbs by clearning the IFF_TX_SKB_SHARING flag in priv_flags http://git.kernel.org/linus/550fd08c2cebad61c548def135f67aba284c6162 Pktgen attempts to transmit shared skbs to net devices, which can't be used by some drivers as they keep state information in skbs. This patch adds a flag marking drivers as being able to handle shared skbs in their tx path. Drivers are defaulted to being unable to do so, but calling ether_setup enables this flag, as 90% of the drivers calling ether_setup touch real hardware and can handle shared skbs. A subsequent patch will audit drivers to ensure that the flag is set properly http://git.kernel.org/linus/d8873315065f1f527c7c380402cf59b1e1d0ae36
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.