[kernel-sec-discuss] r2549 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Nov 22 11:22:00 UTC 2011


Author: jmm
Date: 2011-11-22 11:21:59 +0000 (Tue, 22 Nov 2011)
New Revision: 2549

Added:
   active/CVE-2011-4112
Log:
new issue


Added: active/CVE-2011-4112
===================================================================
--- active/CVE-2011-4112	                        (rev 0)
+++ active/CVE-2011-4112	2011-11-22 11:21:59 UTC (rev 2549)
@@ -0,0 +1,29 @@
+Description: NULL pointer deref at dev_queue_xmit
+References:
+ https://bugzilla.redhat.com/CVE-2011-4112
+Notes:
+ jmm> Noted from Eugene Teo of Red Hat:
+ After the last patch, We are left in a state in which only drivers
+ calling ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers
+ touching real hardware call ether_setup for their net_devices and don't
+ hold any state in their skbs.  There are a handful of drivers that
+ violate this assumption of course, and need to be fixed up.  This patch
+ identifies those drivers, and marks them as not being able to support
+ the safe transmission of skbs by clearning the IFF_TX_SKB_SHARING flag
+ in priv_flags
+ http://git.kernel.org/linus/550fd08c2cebad61c548def135f67aba284c6162
+ 
+ Pktgen attempts to transmit shared skbs to net devices, which can't be
+ used by some drivers as they keep state information in skbs.  This patch
+ adds a flag marking drivers as being able to handle shared skbs in their
+ tx path.  Drivers are defaulted to being unable to do so, but calling
+ ether_setup enables this flag, as 90% of the drivers calling ether_setup
+ touch real hardware and can handle shared skbs.  A subsequent patch will
+ audit drivers to ensure that the flag is set properly
+ http://git.kernel.org/linus/d8873315065f1f527c7c380402cf59b1e1d0ae36
+Bugs:
+upstream: needed
+2.6.32-upstream-stable: needed
+sid: needed
+2.6.26-lenny-security:
+2.6.32-squeeze-security: needed




More information about the kernel-sec-discuss mailing list