Date: Mon, 21 Nov 2011 11:32:45 +0800
From: Eugene Teo <>
CC: "Steven M. Christey" <>
Subject: CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0

This can be triggered by setting up a bridge over vlan, and running pktgen.


Upstream commits:
After the last patch, we are left in a state in which only drivers
calling ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers
touching real hardware call ether_setup for their net_devices and don't
hold any state in their skbs).  There are a handful of drivers that
violate this assumption of course, and need to be fixed up.  This patch
identifies those drivers, and marks them as not being able to support
the safe transmission of skbs by clearing the IFF_TX_SKB_SHARING flag
in priv_flags

Pktgen attempts to transmit shared skbs to net devices, which can't be
used by some drivers as they keep state information in skbs.  This patch
adds a flag marking drivers as being able to handle shared skbs in their
tx path.  Drivers are defaulted to being unable to do so, but calling
ether_setup enables this flag, as 90% of the drivers calling ether_setup
touch real hardware and can handle shared skbs.  A subsequent patch will
audit drivers to ensure that the flag is set properly
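
The opt-in scheme the two commit messages describe, as an added userspace model that is not part of the original post and is not kernel code. Every `model_*` name, the struct, the bit value and the error code are assumptions made for the illustration; only `ether_setup`, `IFF_TX_SKB_SHARING` and `priv_flags` come from the text above.

```c
#include <errno.h>
#include <stdio.h>

/* Model only: bit value chosen for this example, not taken from kernel headers. */
#define IFF_TX_SKB_SHARING 0x1u

struct net_device_model {            /* hypothetical stand-in for a net_device */
    const char *name;
    unsigned int priv_flags;
};

/* Default state: a new device is assumed unable to transmit shared skbs. */
static void model_alloc(struct net_device_model *dev, const char *name)
{
    dev->name = name;
    dev->priv_flags = 0;
}

/* Models ether_setup opting the device in to shared-skb transmission. */
static void model_ether_setup(struct net_device_model *dev)
{
    dev->priv_flags |= IFF_TX_SKB_SHARING;
}

/* Models an audited driver: it calls ether_setup but keeps state in skbs,
 * so it clears the flag again afterwards. */
static void model_stateful_setup(struct net_device_model *dev)
{
    model_ether_setup(dev);
    dev->priv_flags &= ~IFF_TX_SKB_SHARING;
}

/* Models the sender-side gate: resending one skb (clone_skb > 0) is refused
 * unless the target device advertises the flag. Error code is an assumption. */
static int model_set_clone_skb(const struct net_device_model *dev, int clone_skb)
{
    if (clone_skb > 0 && !(dev->priv_flags & IFF_TX_SKB_SHARING))
        return -EOPNOTSUPP;
    return 0;
}

int main(void)
{
    struct net_device_model hw, stacked;
    model_alloc(&hw, "hw0");           model_ether_setup(&hw);
    model_alloc(&stacked, "stacked0"); model_stateful_setup(&stacked);
    printf("%s: %d\n", hw.name, model_set_clone_skb(&hw, 10));
    printf("%s: %d\n", stacked.name, model_set_clone_skb(&stacked, 10));
    return 0;
}
```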
