Bug 844714 (CVE-2012-3412)
Summary: | CVE-2012-3412 kernel: sfc: potential remote denial of service through TCP MSS option | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | agordeev, anton, bhu, davej, dhoward, fhrbata, gansalmon, itamar, jforbes, jkacur, jonathan, jrusnack, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, plougher, rcvalle, rt-maint, sforsber, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-08-24 12:25:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 845554, 845555, 845556, 845557, 845558, 852354, 852355, 852356 | ||
Bug Blocks: | 844716 |
Description
Petr Matousek
2012-07-31 13:27:49 UTC
Created kernel tracking bugs for this issue Affects: fedora-all [bug 845558] Mitigation as recommended by Ben Hutchings ------------------------------------------ If all processes that may send on the sfc interface use Onload, or do not use TCP, the vulnerability does not exist. The vulnerability can otherwise be avoided by making a temporary configuration change. For an sfc interface named eth0, either: a. Increase the TX queue size: ethtool -G eth0 tx 4096 This can increase TX latency and memory usage. or: b. Disable TSO: ethtool -K eth0 tso off This can reduce TX throughput and/or increase CPU usage. This issue has been addressed in following products: RHEV-H, V2V and Agents for RHEL-5 Via RHSA-2012:1324 https://rhn.redhat.com/errata/RHSA-2012-1324.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1323 https://rhn.redhat.com/errata/RHSA-2012-1323.html This issue has been addressed in following products: Red Hat Enterprise Linux 5.6 EUS - Server Only Via RHSA-2012:1347 https://rhn.redhat.com/errata/RHSA-2012-1347.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1366 https://rhn.redhat.com/errata/RHSA-2012-1366.html This issue has been addressed in following products: RHEV-H and Agents for RHEL-6 Via RHSA-2012:1375 https://rhn.redhat.com/errata/RHSA-2012-1375.html This issue has been addressed in following products: Red Hat Enterprise Linux 6.2 EUS - Server Only Via RHSA-2012:1401 https://rhn.redhat.com/errata/RHSA-2012-1401.html This issue has been addressed in following products: Red Hat Enterprise Linux 6.1 EUS - Server Only Via RHSA-2012:1430 https://rhn.redhat.com/errata/RHSA-2012-1430.html |