[CVE-2011-2723] gro: Only reset frag0 when skb can be pulled

Andy Whitcroft apw at canonical.com
Tue Sep 13 16:48:43 UTC 2011


CVE-2011-2723
	The skb_gro_header_slow function in include/linux/netdevice.h in
	the Linux kernel before 2.6.39.4, when Generic Receive Offload
	(GRO) is enabled, resets certain fields in incorrect situations,
	which allows remote attackers to cause a denial of service
	(system crash) via crafted network traffic.

This problem was introduced between hardy and lucid.  Fixes for
lucid/master, oneiric, and oneiric/ti-omap4 have come down via stable
and mainline.  Following this email is a patch which applies to
lucid/fsl-imx51, maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
This is a clean cherry-pick from mainline.

Proposing for lucid/fsl-imx51, maverick, maverick/ti-omap4, natty,
natty/ti-omap4.

-apw



