*** This bug is a security vulnerability *** Public security bug reported:
A peer (or local user) may cause TCP to use a nominal MSS of as little as 88 (actual MSS of 76 with timestamps). Given that we have a sufficiently prodigious local sender and the peer ACKs quickly enough, it is nevertheless possible to grow the window for such a connection to the point that we will try to send just under 64K at once. This results in a single skb that expands to 861 segments. In some drivers with TSO support, such an skb will require hundreds of DMA descriptors; a substantial fraction of a TX ring or even more than a full ring. The TX queue selected for the skb may stall and trigger the TX watchdog repeatedly (since the problem skb will be retried after the TX reset). Upstream patch: http://www.spinics.net/lists/netdev/msg206332.html References: http://seclists.org/oss-sec/2012/q3/171 ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: kernel-cve-tracking-bug ** Tags added: kernel-cve-tracking-bug ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3412 ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1034281 Title: CVE-2012-3412 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
