Bug 817643 (CVE-2013-2017) - VUL-1: kernel: veth: CVE-2013-2017: double-free in case of congestion
Status: RESOLVED FIXED
Alias: CVE-2013-2017
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Target Milestone: ---
Assignee: E-mail List
QA Contact: Security Team bot
Reported: 2013-04-29 12:40 UTC by Sebastian Krahmer
Modified: 2013-07-18 09:11 UTC
Description Sebastian Krahmer 2013-04-29 12:40:44 UTC
Via OSS-sec:


Date: Mon, 29 Apr 2013
From: Petr Matousek
To: oss-security


Description of the problem:
A flaw was found in the way the Virtual Ethernet driver implementation in
the Linux kernel handled skbs in case of congestion.

A remote attacker could potentially use this flaw to crash the system.

Introduced in:
2.6.33-rc1

Fixed in:
2.6.34

Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ec82562ffc6f297d0de36d65776cff8e5704867

References:
http://marc.info/?l=linux-netdev&m=127310770900442&w=3

Thanks,
--
Petr Matousek / Red Hat Security Response Team
Comment 1 Swamp Workflow Management 2013-04-29 22:00:28 UTC
bugbot adjusting priority
Comment 2 Sebastian Krahmer 2013-04-30 06:23:57 UTC
CVE-2013-2017
Comment 3 Marcus Meissner 2013-07-18 09:11:09 UTC
SLE11 SP1 might have gotten a backport of veth, but it does not look like it.

So I think nothing is affected.