Bug 709164 – VUL-1: kernel: gro: Only reset frag0 when skb can be pulled

Bug 709164 - VUL-1: kernel: gro: Only reset frag0 when skb can be pulled


Summary:	VUL-1: kernel: gro: Only reset frag0 when skb can be pulled

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	General
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2011-07-29 07:45 UTC by Thomas Biege
Modified:	2011-11-16 23:09 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Development
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Biege 2011-07-29 07:45:13 UTC

Hi.
There is a security bug in package 'kernel'.

This information is from 'oss-security'.

This bug is public.

There is no coordinated release date (CRD) set.

More information can be found here:
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=17dd759c67f21e34f2156abcf415e1f60605a188

CVE number: CVE-2011-2723
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2723
CVSS v2 Base Score: 5.7 (important) (AV:A/AC:M/Au:N/C:N/I:N/A:C)


Original posting:



CVE-2011-2723


Betreff: [oss-security] CVE request: kernel: gro: Only reset frag0 when skb can be pulled
Datum: Freitag, 29. Juli 2011, 00:30:35
Von: Kees Cook <kees@ubuntu.com>
An:  oss-security@lists.openwall.com

Hi,

This fixes a remote crasher under certain network device configurations:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=17dd759c67f21e34f2156abcf415e1f60605a188

Thanks,

-Kees

-- 
Kees Cook
Ubuntu Security Team

Comment 1 Michal Hocko 2011-08-05 14:13:27 UTC

AFAIU this issue affects only > 2.6.29 which have Generic offload infrastructure. So it shouldn't affect SLES*-TD branches.

Comment 2 Thomas Biege 2011-08-12 16:35:21 UTC

please ignore, just adjusting priority

Comment 3 Marcus Meissner 2011-09-30 20:19:15 UTC

For SUSE Linux Enterprise 11 SP1, this is in the 2.6.32.43-44 diff.

Comment 4 Marcus Meissner 2011-09-30 20:25:45 UTC

also for slert11 sp1 then I guess ...

Comment 5 Benjamin Poirier 2011-11-16 23:09:30 UTC

SLE11-SP1
        fixed in c3c239c62ae57, upstream -stable v2.6.32.44
SLE11-SP2 : 3.0.9
        fixed in 97edbc901240, upstream -stable v3.0.1
SLES10_SP3
        unaffected
SLES10_SP4
        unaffected
openSUSE-11.3 : 2.6.34.10
        applied, c361a6f57ea8cc680f4cd10eb0abb1c313e203ad
openSUSE-11.4 : 2.6.37.6
        applied, e289f565254e013b70ced9cec5d478be348125a4