Internet threat level: 1
Home→Descriptions→SA35265
Linux Kernel e1000 / e1000e / RTL8169 Drivers Denial of Service Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2009-1385, CVE-2009-1389, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 |
| Release Date |
03 Jun 2009 |
| Last Change |
10 Feb 2010 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Where | |
| Impact |
DoS (Denial of Service)This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. |
| Description |
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A vulnerability is caused due to an error in the "e1000_clean_rx_irq()" function in drivers/net/e1000/e1000_main.c. This can be exploited to cause a kernel panic via specially crafted network packets sent to an affected system. 2) A vulnerability is caused due to an error within the RTL8169 driver when receiving overly large network packets. This can be exploited to cause a kernel panic via specially crafted network packets sent to an affected system. 3) A vulnerability is caused due to an error in the "e1000_clean_rx_irq()" function in drivers/net/e1000e/netdev.c. This can be exploited to cause a kernel panic via specially crafted network packets sent to an affected system. |
| Solution |
Update to version 2.6.32.8. |
| Reported by |
1) Neil Horman Incomplete fixes noticed by Fabian Yamaguchi. |
| Original Advisory |
1) http://git.kernel.org/linus/ea30e11970a96cfe5e32c03a29332554573b4a10 |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.