Bug#532721: linux-2.6: CVE-2009-1385 dos in e1000 driver

To: Michael S Gilbert <michael.s.gilbert@gmail.com>
Cc: 532721@bugs.debian.org
Subject: Bug#532721: linux-2.6: CVE-2009-1385 dos in e1000 driver
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 23 Jul 2009 19:41:47 +0200
Message-id: <[🔎] 20090723174147.GG29985@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 532721@bugs.debian.org
In-reply-to: <8e2a98be0906101545m713d4f80xe00b3c018e179441@mail.gmail.com>
References: <8e2a98be0906101545m713d4f80xe00b3c018e179441@mail.gmail.com>

Version: 2.6.30-1

On Wed, Jun 10, 5A2009 at 06:45:18PM -0400, Michael S Gilbert wrote:
> Package: linux-2.6
> Severity: important
> Version: 2.6.18.dfsg.1-24 (and newer)
> Tags: security , patch
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for linux-2.6.
> 
> CVE-2009-1385[0]:
> | Integer underflow in the e1000_clean_rx_irq function in
> | drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel
> | before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel
> | Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to
> | cause a denial of service (panic) via a crafted frame size.
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

Fixed in 2.6.30.

Cheers,
        Moritz

Reply to:

Prev by Date: Processed: tagging 525625
Next by Date: Bug#502452: kernel: UDF written file corrupted by zeros
Previous by thread: Processed: tagging 525625
Next by thread: Bug#502452: kernel: UDF written file corrupted by zeros
Index(es):
- Date
- Thread