Vulnerability Description
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | E1000 | <= 7.4.35 |
| Linux | Kernel | 2.6.24.7 |
| Linux | Linux Kernel | <= 2.6.28 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
- http://osvdb.org/54892
- http://secunia.com/advisories/35265 (Vendor Advisory)
- http://secunia.com/advisories/35566
- http://secunia.com/advisories/35623
- http://secunia.com/advisories/35656
- http://secunia.com/advisories/35847
- http://secunia.com/advisories/36051
- http://secunia.com/advisories/36131
- http://secunia.com/advisories/36327
- http://secunia.com/advisories/37471
- http://sourceforge.net/project/shownotes.php?release_id=504022&group_id=42302 (Patch)
- http://wiki.rpath.com/Advisories:rPSA-2009-0111
- http://www.debian.org/security/2009/dsa-1844
FAQ
What is CVE-2009-1385?
CVE-2009-1385 is a vulnerability with a CVSS score of 7.8 (HIGH). Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired...
How severe is CVE-2009-1385?
CVE-2009-1385 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1385?
Check the references section above for vendor advisories and patch information. Affected products include: Intel E1000, Linux Kernel, Linux Linux Kernel.