Your submission was sent successfully! Close

CVE-2011-2942

Published: 21 October 2011

A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.

From the Ubuntu Security Team

Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service.

Notes

AuthorNote
apw
Redhat claims the fix below fixes the issue:
bridge: fix use after free in __br_deliver
this looks to be fixed upstream by:
bridge: Fix netpoll support
only a very small part of this delivering the actual fix.
This was introduced in the patch below:
netpoll: add generic support for bridge and bonding devices
For maverick netpoll is re-disabled for bridge by the commit below:
bridge: Partially disable netpoll support
Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable
(2.6.37-2.9)
oneiric Not vulnerable
(2.6.39-0.0)
precise Not vulnerable
(3.1.0-1.1)
upstream
Released (2.6.36~rc1)
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2011-1386.html
Introduced by

0e34e93177fb1f642cab080e0bde664c06c7183a

Fixed by 91d2c34a4eed32876ca333b0ca44f3bc56645805
linux-armadaxp
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Not vulnerable
(3.2.0-1600.1)
upstream
Released (2.6.36~rc1)
linux-ec2
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Ignored
(binary supplied by "linux" now)
natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.36~rc1)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.36~rc1)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.36~rc1)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.38-1.27~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.36~rc1)
linux-lts-backport-oneiric
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (3.0.0-5.6~lucid1)
maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.36~rc1)
linux-mvl-dove
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Not vulnerable

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.6.36~rc1)
linux-ti-omap4
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Not vulnerable

natty Not vulnerable
(2.6.38-1201.2)
oneiric Not vulnerable
(2.6.38-1309.13)
precise Not vulnerable
(3.0.0-1401.2)
upstream
Released (2.6.36~rc1)