Bug 1944689 (CVE-2021-29264)
Summary: | CVE-2021-29264 kernel: DoS due to negative fragment size calculation in drivers/net/ethernet/freescale/gianfar.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bdettelb, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rvrbovsk, steved, tomckay, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernel. The Freescale Gianfar Ethernet driver allows attackers to cause a system crash due to a negative fragment size calculated in situations involving an RX queue overrun when jumbo packets are used and NAPI is enabled. The highest threat from this vulnerability is to data integrity and system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-04-05 17:35:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1944690 | ||
Bug Blocks: | 1944691 |
Description
Guilherme de Almeida Suckevicz
2021-03-30 13:51:41 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1944690] Statement: This flaw is rated as having Moderate impact because of the need to have privileges and both configuration with the usage of jumbo packets that is available only for the local network. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-29264 |