CVE-2011-1576
Published: 31 August 2011
The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.
From the Ubuntu security team
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
Patches: Introduced by 5d0d9be8ef456afc6c3fb5f8aad06ef19b704b05 Fixed by 3701e51382a026cba10c60b03efabe534fba4ca4 |
||
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.6.37~rc1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
- https://usn.ubuntu.com/usn/usn-1220-1
- https://usn.ubuntu.com/usn/usn-1219-1
- https://usn.ubuntu.com/usn/usn-1227-1
- https://usn.ubuntu.com/usn/usn-1239-1
- https://usn.ubuntu.com/usn/usn-1245-1
- https://usn.ubuntu.com/usn/usn-1241-1
- https://usn.ubuntu.com/usn/usn-1240-1
- https://usn.ubuntu.com/usn/usn-1253-1
- https://usn.ubuntu.com/usn/usn-1256-1
- NVD
- Launchpad
- Debian