7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.055 Low
EPSS
Percentile
93.1%
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and
earlier does not properly check the size of an Ethernet frame that exceeds
the MTU, which allows remote attackers to (1) cause a denial of service
(temporary network outage) via a packet with a crafted size, in conjunction
with certain packets containing A characters and certain packets containing
E characters; or (2) cause a denial of service (system crash) via a packet
with a crafted size, in conjunction with certain packets containing β\0β
characters, related to the value of the status register and erroneous
behavior associated with the RxMaxSize register. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2009-1389.
Author | Note |
---|---|
kees | http://marc.info/?l=linux-netdev&m=126202972828626&w=2 http://marc.info/?l=linux-netdev&m=126269986618934&w=2 |