CVE-2011-1576

Published: 31 August 2011

The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.

From the Ubuntu security team

Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
Patches:
Introduced by 5d0d9be8ef456afc6c3fb5f8aad06ef19b704b05
Fixed by 3701e51382a026cba10c60b03efabe534fba4ca4
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.37~rc1)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading