Launchpad has imported 10 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3412.

------------------------------------------------------------------------
On 2012-07-31T13:27:49+00:00 Petr wrote:

A peer (or local user) may cause TCP to use a nominal MSS of as little
as 88 (actual MSS of 76 with timestamps).  Given that we have a
sufficiently prodigious local sender and the peer ACKs quickly enough,
it is nevertheless possible to grow the window for such a connection
to the point that we will try to send just under 64K at once.  This
results in a single skb that expands to 861 segments.

In some drivers with TSO support, such an skb will require hundreds of
DMA descriptors; a substantial fraction of a TX ring or even more than
a full ring.  The TX queue selected for the skb may stall and trigger
the TX watchdog repeatedly (since the problem skb will be retried
after the TX reset).

Upstream patch:
http://www.spinics.net/lists/netdev/msg206332.html

References:
http://seclists.org/oss-sec/2012/q3/171

Acknowledgements:

Red Hat would like to thank Ben Hutchings of Solarflare (tm) for
reporting this issue.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/0

------------------------------------------------------------------------
On 2012-08-03T12:35:31+00:00 Petr wrote:

Created kernel tracking bugs for this issue

Affects: fedora-all [bug 845558]

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/1

------------------------------------------------------------------------
On 2012-08-03T16:46:54+00:00 Petr wrote:

Mitigation as recommended by Ben Hutchings
------------------------------------------

If all processes that may send on the sfc interface use Onload, or do
not use TCP, the vulnerability does not exist.

The vulnerability can otherwise be avoided by making a temporary
configuration change.  For an sfc interface named eth0, either:

a. Increase the TX queue size:
       ethtool -G eth0 tx 4096
   This can increase TX latency and memory usage.

or:

b. Disable TSO:
       ethtool -K eth0 tso off
   This can reduce TX throughput and/or increase CPU usage.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/2
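
A check for the two workarounds listed in the comment above, as an added example that is not part of the imported Bugzilla comment or of the sfc driver: it parses `ethtool -k` and `ethtool -g` output and reports whether TSO is off or the current TX ring has reached 4096. The sample output is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: report whether either workaround from the comment is in effect.
# SAMPLE_K / SAMPLE_G are constructed ethtool output, not captured from a real NIC.
# Function names are hypothetical; 4096 is the TX ring size given in the comment.
REQUIRED_TX=4096

SAMPLE_K='Features for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
    tx-tcp-segmentation: on
generic-segmentation-offload: on'

SAMPLE_G='Ring parameters for eth0:
Pre-set maximums:
RX:             4096
TX:             4096
Current hardware settings:
RX:             1024
TX:             1024'

# Read `ethtool -k IFACE` output on stdin; print on, off or unknown.
tso_state() {
    awk -F': *' '$1 == "tcp-segmentation-offload" { split($2, w, " "); print w[1]; found = 1; exit }
                 END { if (!found) print "unknown" }'
}

# Read `ethtool -g IFACE` output on stdin; print the current (not maximum) TX ring size.
current_tx_ring() {
    awk '/^Current hardware settings:/ { cur = 1; next }
         cur && $1 == "TX:" { print $2; exit }'
}

# $1 = `ethtool -k` output, $2 = `ethtool -g` output.
mitigation_status() {
    tso=$(printf '%s\n' "$1" | tso_state)
    tx=$(printf '%s\n' "$2" | current_tx_ring)
    if [ "$tso" = "off" ]; then
        echo "mitigated: TSO off"
    elif [ -n "$tx" ] && [ "$tx" -ge "$REQUIRED_TX" ] 2>/dev/null; then
        echo "mitigated: TX ring $tx"
    else
        echo "not mitigated: TSO $tso, TX ring ${tx:-unknown}"
    fi
}

# Live use on the host: mitigation_status "$(ethtool -k eth0)" "$(ethtool -g eth0)"
mitigation_status "$SAMPLE_K" "$SAMPLE_G"
```

Both `ethtool` settings are runtime changes, so the check is worth re-running after a reboot or driver reload.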

------------------------------------------------------------------------
On 2012-10-02T17:11:36+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  RHEV-H, V2V and Agents for RHEL-5

Via RHSA-2012:1324 https://rhn.redhat.com/errata/RHSA-2012-1324.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/4

------------------------------------------------------------------------
On 2012-10-02T17:45:30+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1323 https://rhn.redhat.com/errata/RHSA-2012-1323.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/5

------------------------------------------------------------------------
On 2012-10-09T10:28:53+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5.6 EUS - Server Only

Via RHSA-2012:1347 https://rhn.redhat.com/errata/RHSA-2012-1347.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/6

------------------------------------------------------------------------
On 2012-10-16T14:46:08+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1366 https://rhn.redhat.com/errata/RHSA-2012-1366.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/7

------------------------------------------------------------------------
On 2012-10-18T16:46:58+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2012:1375 https://rhn.redhat.com/errata/RHSA-2012-1375.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/8

------------------------------------------------------------------------
On 2012-10-23T18:11:32+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 EUS - Server Only

Via RHSA-2012:1401 https://rhn.redhat.com/errata/RHSA-2012-1401.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/9

------------------------------------------------------------------------
On 2012-11-06T18:06:34+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.1 EUS - Server Only

Via RHSA-2012:1430 https://rhn.redhat.com/errata/RHSA-2012-1430.html

Reply at:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1034281/comments/10


** Changed in: linux (Fedora)
       Status: Unknown => Fix Released

** Changed in: linux (Fedora)
   Importance: Unknown => High

https://bugs.launchpad.net/bugs/1034281

Title:
  CVE-2012-3412

Status in linux package in Ubuntu:
  Fix Released
Status in linux package in Fedora:
  Fix Released
