CVE-2009-4536 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4536): drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
CVE-2009-4538 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4538): drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=40a14deaf411592b57cb0720f0e8004293ab9865
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9926146b15fd96d78a4f7c32e7a26d50639369f4

Maybe I missed a commit, but those mentioned above have been definitely fixed during 2.6.32-rc6.
...fixed during 2.6.33-rc6. (As far as I can tell, 2.6.32.7 is still affected)