ACK/Cmnt: [PATCH 0/2][Bionic/Groovy] CVE-2021-29264: gianfar negative fragment size

Stefan Bader stefan.bader at canonical.com
Thu Apr 8 07:00:59 UTC 2021


On 02.04.21 20:08, Tim Gardner wrote:
> [SRU Justification]
> 
> An issue was discovered in the Linux kernel through 5.11.10.
> drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet
> driver allows attackers to cause a system crash because a negative fragment size
> is calculated in situations involving an rx queue overrun when jumbo packets are
> used and NAPI is enabled, aka CID-d8861bab48b6.
> 
> Introduced by 6c389fc931bcda88940c809f752ada6d7799482c (v4.8)
> 
> [Test Plan]
> 
> [Where problems could occur]
> Released in stable kernels:
> linux-4.19.y
> linux-5.10.y
> linux-5.11.y
> linux-5.4.y

For this submission it is irrelevant which other upstream kernels carry this
patch. Where problems could occur / regression potential is:
When doing networking with the specific NIC and hitting negative fragments, the
additional cleanup could show up as new crashes related to gfar_clean_rx_ring().

> 
> [Other Info]
> None
> 
> 
Acked-by: Stefan Bader <stefan.bader at canonical.com>
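
The bug class named in the quoted justification, a fragment size that goes negative, shown as an added example that is not part of this message or of the gianfar driver. The struct, function names and flag are hypothetical, and the sequence by which an overrun leaves a stale partial frame is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not the gianfar driver's code. Assumption: a frame is
 * assembled from several rx descriptors, and the descriptor flagged RX_LAST
 * reports the length of the whole frame rather than of its own fragment. */
#define RX_LAST 0x1 /* constructed flag value */

struct rx_frame {
    int len;      /* bytes assembled so far */
    int nr_frags; /* fragments attached so far */
};

/* Size computed with no sanity check on the result. */
static int frag_size_unchecked(const struct rx_frame *f, int bd_len, int flags)
{
    return (flags & RX_LAST) ? bd_len - f->len : bd_len;
}

/* Hardened form: reject a negative size so the caller can drop the frame
 * instead of attaching a fragment with a bogus length. */
static bool add_frag_checked(struct rx_frame *f, int bd_len, int flags)
{
    int size = frag_size_unchecked(f, bd_len, flags);

    if (size < 0)
        return false;
    f->len += size;
    f->nr_frags++;
    return true;
}

/* Cleanup after a rejected fragment: discard the partial frame. */
static void drop_frame(struct rx_frame *f) { f->len = 0; f->nr_frags = 0; }

int main(void)
{
    struct rx_frame f = { 0, 0 };
    /* Constructed sequence: two 2048-byte fragments of a jumbo frame arrive,
     * then a 1500-byte frame's last descriptor meets the stale partial frame. */
    add_frag_checked(&f, 2048, 0);
    add_frag_checked(&f, 2048, 0);
    printf("unchecked size: %d\n", frag_size_unchecked(&f, 1500, RX_LAST));
    if (!add_frag_checked(&f, 1500, RX_LAST))
        drop_frame(&f);
    printf("after drop: len=%d frags=%d\n", f.len, f.nr_frags);
    return 0;
}
```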
