Bug 738202 (CVE-2011-3359)

Summary: CVE-2011-3359 kernel: b43: allocate receive buffers big enough for max frame len + offset
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: anton, arozansk, bhu, davej, dhoward, fhrbata, jkacur, kernel-mgr, kmcmartin, lgoncalv, lwang, plougher, rt-maint, sforsber, tcallawa, vgoyal, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20110327,reported=20110327,source=internet,cvss2=4.6/AV:A/AC:H/Au:N/C:N/I:N/A:C,rhel-6/kernel=affected,mrg-2/realtime-kernel=affected,rhel-5/kernel=notaffected,rhel-4/kernel=notaffected,fedora-all/kernel=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-10 13:24:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 738204, 738205, 738206, 748688, 761368    
Bug Blocks: 738203    

Description Petr Matousek 2011-09-14 10:31:24 UTC
A flaw has been found in a way b43 driver processed incoming frames. An attacker able to send frames to the systems with Broadcom 43xx series wireless devices could use this flaw to crash the systems.

Upstream patch:
c85ce65ecac078ab1a1835c87c4a6319cf74660a

References:
https://bugzilla.kernel.org/show_bug.cgi?id=32042
https://github.com/torvalds/linux/commits/c85ce65ecac078ab1a1835c87c4a6319cf74660a

Comment 3 Petr Matousek 2011-09-14 10:38:31 UTC
Statement:

This issue did not affect the versions of the Linux kernel as shipped with Red
Hat Enterprise Linux 4 and 5 as they did not provide support for Broadcom 43xx wireless devices. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.

Comment 4 Eugene Teo (Security Response) 2011-10-25 04:05:40 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 748688]

Comment 5 errata-xmlrpc 2011-11-22 16:50:57 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1465 https://rhn.redhat.com/errata/RHSA-2011-1465.html

Comment 7 errata-xmlrpc 2012-01-10 20:16:30 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2012:0010 https://rhn.redhat.com/errata/RHSA-2012-0010.html