A vulnerability was found in the Linux kernel, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating the local variable free thus causing out of array bounds access. Adding VLAN or MAC addresses are administrative actions or require CAP_NET_ADMIN capabilities to execute these instructions, regular local users can not trigger this flaw. Reference: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0926f91083f34d047abc74f1ca4fa6a9c161f7db https://github.com/torvalds/linux/commit/0926f91083f34d047abc74f1ca4fa6a9c161f7db https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1743605]
This was fixed for Fedora in 2.6.37, and never present in any currently supported version of Fedora.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2010-5332