[Bug 792312] Re: CVE-2011-1581

Mon, 01 Aug 2011 20:21:58 -0700 

** Changed in: linux-ti-omap4 (Ubuntu Oneiric)
       Status: Confirmed => Fix Committed

** Description changed:

- Fixed By:
+ The bond_select_queue function in drivers/net/bonding/bond_main.c in the
+ Linux kernel before 2.6.39, when a network device with a large number of
+ receive queues is installed but the default tx_queues setting is used,
+ does not properly restrict queue indexes, which allows remote attackers
+ to cause a denial of service (BUG and system crash) or possibly have
+ unspecified other impact by sending network traffic.
  
-   commit fd0e435b0fe85622f167b84432552885a4856ac8
-   Author: Phil Oester <[email protected]>
-   Date:   Mon Mar 14 06:22:04 2011 +0000
- 
-     bonding: Incorrect TX queue offset
-     
-     When packets come in from a device with >= 16 receive queues
-     headed out a bonding interface, syslog gets filled with this:
-     
-         kernel: bond0 selects TX queue 16, but real number of TX queues is 16
-     
-     because queue_mapping is offset by 1.  Adjust return value
-     to account for the offset.
-     
-     This is a revision of my earlier patch (which did not use the
-     skb_rx_queue_* helpers - thanks to Ben for the suggestion).
-     Andy submitted a similar patch which emits a pr_warning on
-     invalid queue selection, but I believe the log spew is
-     not useful.  We can revisit that question in the future,
-     but in the interim I believe fixing the core problem is
-     worthwhile.
-     
-     Signed-off-by: Phil Oester <[email protected]>
-     Signed-off-by: Andy Gospodarek <[email protected]>
-     Signed-off-by: David S. Miller <[email protected]>
- 
- Introduced By:
- 
-   commit bb1d912323d5dd50e1079e389f4e964be14f0ae3
-   Author: Andy Gospodarek <[email protected]>
-   Date:   Wed Jun 2 08:40:18 2010 +0000
- 
-     bonding: allow user-controlled output slave selection
+ Fixed-by: fd0e435b0fe85622f167b84432552885a4856ac8

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/792312

Title:
  CVE-2011-1581

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to