From ${URL} :

Linux kernel built with the Broadcom tg3 ethernet driver is vulnerable to a buffer overflow. This could occur when the tg3 driver reads and copies firmware string from hardware's product data (VPD), if it exceeds 32 characters. A user with physical access to a machine could use this flaw to crash the system or, potentially, escalate their privileges on the system.

Upstream fix:
-------------
-> https://git.kernel.org/linus/715230a44310a8cf66fbfb5a46f9a62a9b2de424

Reference:
----------
-> http://openwall.com/lists/oss-security/2013/04/05/2
CVE-2013-1929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1929): Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.
Patch in 3.9 onwards
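As an added illustration, not the kernel's tg3 code: a minimal VPD keyword-field reader in the shape of this bug, where a fixed 32-byte destination receives a string whose length is supplied by the hardware. It assumes the PCI VPD keyword layout (2-byte keyword, 1-byte length, data bytes) and a hypothetical keyword "V0" for the firmware string; the vulnerable pattern copies `len` bytes unconditionally, while this hardened version refuses any field that would not fit, which is the kind of bound check that closes this class of overflow.

```c
#include <stdint.h>
#include <string.h>

#define FW_VER_LEN 32   /* fixed-size destination buffer, as in the advisory */

/* Find a VPD keyword field (2-byte keyword, 1-byte length, data bytes).
 * Returns the data offset and stores its length; -1 if absent or truncated. */
static int vpd_find_field(const uint8_t *vpd, size_t vpd_len,
                          const char *kw, size_t *field_len)
{
    size_t i = 0;
    while (i + 3 <= vpd_len) {
        size_t len = vpd[i + 2];
        if (i + 3 + len > vpd_len)      /* field runs past the end of the image */
            return -1;
        if (vpd[i] == (uint8_t)kw[0] && vpd[i + 1] == (uint8_t)kw[1]) {
            *field_len = len;
            return (int)(i + 3);
        }
        i += 3 + len;
    }
    return -1;
}

/* Hardened reader. The vulnerable pattern trusts the hardware-supplied length
 * and copies straight into the 32-byte buffer; here the length is checked
 * first (NUL terminator included). Returns 0, -1 (missing), -2 (too long). */
int read_fw_string(const uint8_t *vpd, size_t vpd_len, char out[FW_VER_LEN])
{
    size_t len;
    int off = vpd_find_field(vpd, vpd_len, "V0", &len);  /* "V0": assumed keyword */
    if (off < 0)
        return -1;
    if (len >= FW_VER_LEN)              /* would overflow `out`: refuse the copy */
        return -2;
    memcpy(out, vpd + off, len);
    out[len] = '\0';
    return 0;
}

/* Build a constructed VPD image whose "V0" string is str_len bytes of 'A'
 * (str_len <= 255) and run the reader; -3 if the copied string is malformed. */
int demo(size_t str_len)
{
    uint8_t img[3 + 255]; char out[FW_VER_LEN];
    img[0] = 'V'; img[1] = '0'; img[2] = (uint8_t)str_len;
    memset(img + 3, 'A', str_len);
    int rc = read_fw_string(img, 3 + str_len, out);
    return (rc == 0 && strlen(out) != str_len) ? -3 : rc;
}
```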