thr3ads.net - Secure testing team - [Secure-testing-team] Bug#643817: Fix for CVE-2011-2699 can result in crash in VM hosts [Sep 2011]

If this information is useful, please help other people find it:
Share via:

Ben Hutchings

2011-Sep-30 02:31 UTC

[Secure-testing-team] Bug#643817: Fix for CVE-2011-2699 can result in crash in VM hosts

Package: linux-2.6
Version: 2.6.32-36
Severity: serious
Tags: security patch

VM guests using the virtio_net driver may take advantage of UFO (UDP
fragmentation offload) which results in the VM host performing
fragmentation.  As discussed in
<http://thread.gmane.org/gmane.linux.kernel/1196272>, the new IPv6
fragment ID generator will crash in this case because the expected
routing context is missing.

No fix is yet available, so we should revert the original fix and
sort this out properly later.

Ben.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''stable''), (1, ''experimental'')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Secure testing team - Sep 2011 - Bug#643817: Fix for CVE-2011-2699 can result in crash in VM hosts

[Secure-testing-team] Bug#643817: Fix for CVE-2011-2699 can result in crash in VM hosts