CVE-2009-1385

CWE-189 CWE-190 — Integer Overflow CWE-119 — Buffer Overflow9 documents6 sources

Severity

7.8HIGH

EPSS

13.9%

top 5.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel E1000 Linux Linux Kernel Linux Kernel

Timeline

PublishedJun 4

Latest updateMay 2

Description

Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDintel/e10007.4.35+22

▶NVDlinux/linux_kernel2.6.28+94

▶NVDlinux/kernel2.6.24.7, 2.6.25.15+1

Patches

Patch: sourceforge.net ↗Patch: www.kernel.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-pp2r-wqw2-9r3r: Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main↗2022-05-02

▶

CVEList

CVE-2009-1385: Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main↗2009-06-04

▶

📋Vendor Advisories

Red Hat

kernel: e1000 issue reported at 26c3↗2009-12-28

▶

Ubuntu

Linux kernel vulnerabilities↗2009-07-02

▶

Red Hat

kernel: e1000_clean_rx_irq() denial of service↗2007-04-25

▶

💬Community

Bugzilla

CVE-2009-4536 kernel: e1000 issue reported at 26c3↗2010-01-04

▶

Bugzilla

CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service↗2009-05-28

▶