Bug#532721: linux-2.6: CVE-2009-1385 dos in e1000 driver

To: submit@bugs.debian.org
Subject: Bug#532721: linux-2.6: CVE-2009-1385 dos in e1000 driver
From: Michael S Gilbert <michael.s.gilbert@gmail.com>
Date: Wed, 10 Jun 2009 18:45:18 -0400
Message-id: <[🔎] 8e2a98be0906101545m713d4f80xe00b3c018e179441@mail.gmail.com>
Reply-to: Michael S Gilbert <michael.s.gilbert@gmail.com>, 532721@bugs.debian.org

Package: linux-2.6
Severity: important
Version: 2.6.18.dfsg.1-24 (and newer)
Tags: security , patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2009-1385[0]:
| Integer underflow in the e1000_clean_rx_irq function in
| drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel
| before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel
| Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to
| cause a denial of service (panic) via a crafted frame size.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Patches available [1].

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385
    http://security-tracker.debian.net/tracker/CVE-2009-1385
[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ea30e11970a96cfe5e32c03a29332554573b4a10

Reply to:

Prev by Date: Bug#532562: linux-image-2.6.26-2-versatile: Kernel panics randomly while using apt-get
Next by Date: Bug#532722: linux-2.6: CVE-2009-1914 local dos in /proc/iomem on sparc
Previous by thread: Bug#524928: marked as done (initramfs-tools: wrong path for elilo)
Next by thread: Bug#532722: linux-2.6: CVE-2009-1914 local dos in /proc/iomem on sparc
Index(es):
- Date
- Thread