Vigil@nce: Linux kernel, denial of service via rtl8169
December 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use a memory leak of the rtl8169 driver, in order to generate a denial of service.
Consequences: denial of service of computer
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 16/12/2009
Red Hat Enterprise Linux
SUSE Linux Enterprise Server
DESCRIPTION OF THE VULNERABILITY
The rtl8169 driver implements the support of network adapters of the Realtek RTL81xx suite. These adapters can receive Ethernet frames with a size of 16383 bytes (jumbo frames).
However, the rtl8169_rx_interrupt() and rtl8169_start_xmit() functions of the drivers/net/r8169.c file do not free the memory used by large frames.
An attacker located on a network supporting jumbo frames can therefore send numerous frames in order to generate a denial of service.
Identifiers: BID-36706, CVE-2009-3613, DSA 1915-1, DSA 1928-1, RHSA-2009:1540-01, RHSA-2009:1548-01, RHSA-2009:1671-01, SUSE-SA:2009:064, VIGILANCE-VUL-9293