Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C309F29.5040006@kernel.sg>
Date: Sun, 04 Jul 2010 22:48:09 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: Moritz Muehlenhoff <jmm@...til.org>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit

On 07/04/2010 07:13 PM, Moritz Muehlenhoff wrote:
> On Wed, Jun 23, 2010 at 11:43:51AM +0800, Eugene Teo wrote:
>> "When transmitting L2TP frames, we derive the outgoing interface's
>> UDP checksum hardware assist capabilities from the tunnel dst dev.
>> This can sometimes be NULL, especially when routing protocols are
>> used and routing changes occur. This patch just checks for NULL dst
>> or dev pointers when checking for netdev hardware assist features.
>>
>>      BUG: unable to handle kernel NULL pointer dereference at 0000000c
>>      IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp]
>>      *pde = 00000000
>>      Oops: 0000 [#1] SMP
>>      last sysfs file: /sys/class/net/lo/operstate
>> [...]"
>>
>> Introduced in ffcebb16 (v2.6.29-rc1~581), fixed in 3feec909 (fixed
>> in v2.6.34-rc2). (It was later split into different files in commit
>> fd558d18 v2.6.35-rc1).
>>
>> I'm not requesting a CVE name for this because it did not affect any
>> of our supported kernels. FYI.
>
> Steve, please assign a CVE ID for this.

cc'ed coley@...us.mitre.org.

Please change the subject as well so that we know this needs a CVE name.

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.