| Summary: | Kernel: tg3: buffer overflow in VPD firmware parsing (CVE-2013-1929) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | kernel |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=949932 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-04-10 18:20:18 UTC
CVE-2013-1929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1929): Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

Patch in 3.9 onwards.
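
The bug class described above, as an added example that is neither the driver's code nor the upstream patch: a reader for a simplified run of PCI VPD keyword fields (2-byte keyword, 1-byte length, data) that clamps the device-declared length to a fixed destination buffer. The names `vpd_copy_field`, `demo_field` and `FW_VER_LEN`, the 32-byte buffer size, the "V0" keyword choice and the sample image are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FW_VER_LEN 32  /* assumed size of the fixed destination buffer */

/* Copy the data of keyword `kw` into dst. The length byte comes from the
 * device, so it is checked against the VPD image and clamped to dst_size;
 * an unclamped memcpy(dst, vpd + i + 3, len) is the overflow pattern.
 * Returns bytes copied, or -1 if the field is absent or malformed. */
static int vpd_copy_field(const unsigned char *vpd, size_t vpd_len,
                          const char *kw, char *dst, size_t dst_size)
{
    size_t i = 0;
    if (dst_size == 0)
        return -1;
    while (i + 3 <= vpd_len) {
        size_t len = vpd[i + 2];            /* device-declared length */
        if (len > vpd_len - (i + 3))
            return -1;                      /* field runs past the VPD image */
        if (memcmp(vpd + i, kw, 2) == 0) {
            if (len >= dst_size)
                len = dst_size - 1;         /* truncate instead of overflowing */
            memcpy(dst, vpd + i + 3, len);
            dst[len] = '\0';
            return (int)len;
        }
        i += 3 + len;
    }
    return -1;
}

/* Constructed sample: a 3-byte "PN" field, then a "V0" field carrying 40 data
 * bytes whose length byte is set to `declared`. */
int demo_field(unsigned char declared)
{
    unsigned char vpd[49] = { 'P', 'N', 3, 'a', 'b', 'c', 'V', '0', 0 };
    char fw_ver[FW_VER_LEN];
    vpd[8] = declared;
    memset(vpd + 9, 'A', 40);
    return vpd_copy_field(vpd, sizeof vpd, "V0", fw_ver, sizeof fw_ver);
}

int main(void)
{
    return demo_field(40) == FW_VER_LEN - 1 ? 0 : 1;  /* exit 0 when clamped */
}
```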