Bug 296393 (CVE-2009-1298)

Summary:	Kernel: ip_frag_reasm() in ipv4/ip_fragment.c NULL pointer dereference (CVE-2009-1298)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	hardened-kernel+disabled, kernel, WineLauncher.Jonathan
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bbf31bf18d34caa87dd01f08bf713635593697f2
Whiteboard:	[linux <2.6.30.10] [linux >=2.6.31 <2.6.31.7] [gp <2.6.31-8]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2009-12-10 11:59:22 UTC

CVE-2009-1298 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1298):
  The ip_frag_reasm function in ipv4/ip_fragment.c in Linux kernel
  2.6.32-rc8, and possibly earlier versions, calls IP_INC_STATS_BH with
  an incorrect argument, which allows remote attackers to cause a
  denial of service (NULL pointer dereference and hang) via long IP
  packets, possibly related to the ip_defrag function.

Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev

2009-12-10 12:11:22 UTC

Dupe of bug #296383 maybe?

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2009-12-10 12:21:45 UTC

Already fixed. The other bug contained the ext4 issue, too. That will be tracked there, we track CVE-2009-1298 here. I was interrupted while filing, so it popped up after I had searched, sorry.