lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Nov 2016 02:10:44 +0100 From: Francois Romieu <romieu@...zoreil.com> To: Hayes Wang <hayeswang@...ltek.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, nic_swsd <nic_swsd@...ltek.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>, "mlord@...ox.com" <mlord@...ox.com> Subject: Re: [PATCH net 2/2] r8152: rx descriptor check Hayes Wang <hayeswang@...ltek.com> : > Francois Romieu [mailto:romieu@...zoreil.com] > > Sent: Friday, November 11, 2016 8:13 PM > [...] > > Invalid packet size corrupted receive descriptors in Realtek's device > > reminds of CVE-2009-4537. > > Do you mean that the driver would get a packet exceed the size > which is set to RxMaxSize ? If it was possible to get it wrong once, it should be possible to get it wrong twice, especially if some part of the hardware design is recycled. I don't mean anything else. I won't speculate about some cache consistency issue or some badly aborted dma transaction to explain the memory corruption. -- Ueimor
Powered by blists - more mailing lists