[CVE-2011-4087] Multiple remote denial of service in Linux bridge

Andy Whitcroft apw at canonical.com
Tue Nov 22 09:29:10 UTC 2011

On Mon, Nov 21, 2011 at 06:40:07AM -0700, Tim Gardner wrote:
> On 11/21/2011 05:14 AM, Andy Whitcroft wrote:
> >CVE-2011-4087
> >	Scot Doyle discovered that the bridge networking interface
> >	incorrectly handled certain network packets. A remote attacker
> >	could exploit this to crash the system, leading to a denial
> >	of service.
> >
> >Fixes for this issue have hit natty and later via mainline and stable.
> >Releases prior to natty are not affected.  Following this email is the
> >one remaining patch required for natty/ti-omap4, this is a direct
> >cherry-pick of the upstream backport on natty/master.
> >
> >Proposing for natty/ti-omap4.
> >
> >-apw
> >
> Is this the right description? The patch appears to have nothing to
> do with bridge code.

Ahh yes I can see how that might appear.  The original stack is actually
3 patches, as below.  The other two have already made it down through
stable leaving this one allied patch which is indeed more generic but
deemed needed as part of the triumvirate to fix the CVE:

f8e9881c2aef1e982e5abc25c046820cd0b7cf64 bridge: reset IPCB in br_parse_ip_options
66944e1c5797562cebe2d1857d46dff60bf9a69e inetpeer: reduce stack usage
c65353daf137dd41f3ede3baf62d561fca076228 ip: ip_options_compile() resilient to NULL skb route

