[CVE-2011-2723] gro: Only reset frag0 when skb can be pulled
Andy Whitcroft
apw at canonical.com
Tue Sep 13 16:48:43 UTC 2011
CVE-2011-2723
The skb_gro_header_slow function in include/linux/netdevice.h in
the Linux kernel before 2.6.39.4, when Generic Receive Offload
(GRO) is enabled, resets certain fields in incorrect situations,
which allows remote attackers to cause a denial of service
(system crash) via crafted network traffic.
This problem was introduced between hardy and lucid. Fixes for
lucid/master, oneiric, and oneiric/ti-omap4 have come down via stable
and mainline. Following this email is a patch which applies to
lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
This is a clean cherry-pick from mainline.
Proposing for lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
natty/ti-omap4.
-apw