CVE-2009-3613
Published 2009-10-19
Priority: P344 · high · 7.8 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 12.46% (95.7th percentile)
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Affected
285 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.27.21 | — |
CVSS provenance
nvd: v2.0, 7.8 HIGH, AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat: 7.8 HIGH
vendor_ubuntu: 4.9 MEDIUM
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-12-05·CVSS 4.9
CVE-2009-3726 [MEDIUM] Linux kernel vulnerabilities
It was discovered that the AX.25 network subsystem did not correctly
check integer signedness in certain setsockopt calls. A local attacker
could exploit this to crash the system, leading to a denial of service.
Ubuntu 9.10 was not affected. (CVE-2009-2909)

Jan Beulich discovered that the kernel could leak register contents to
32-bit processes that were switched to 64-bit mode. A local attacker
could run a specially crafted binary to read register values from an
earlier process, leading to a loss of privacy. (CVE-2009-2910)

Dave Jones discovered that the gdth SCSI driver did not correctly validate
array indexes in certain ioctl calls. A local attacker could exploit
this to crash the system or gain elevated privil
Red Hat
kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
vendor_redhat·2007-11-28·CVSS 7.8
CVE-2009-3613 [HIGH] kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
GHSA
GHSA-mvgw-4hv5-4j3h: The swiotlb functionality in the r8169 driver in drivers/net/r8169
ghsa_unreviewed·2022-05-02
CVE-2009-3613 [HIGH] GHSA-mvgw-4hv5-4j3h: The swiotlb functionality in the r8169 driver in drivers/net/r8169
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
No detection rules found.
http://bugzilla.kernel.org/show_bug.cgi?id=9468
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=97d477a914b146e7e6722ded21afa79886ae8ccd
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a866bbf6aacf95f849810079442a20be118ce905
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://marc.info/?l=oss-security&m=125561712529352&w=2
http://secunia.com/advisories/37909
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.22
http://www.redhat.com/support/errata/RHSA-2009-1671.html
http://www.securityfocus.com/bid/36706
http://www.ubuntu.com/usn/usn-864-1
http://www.vupen.com/english/advisories/2010/0528
https://bugzilla.redhat.com/show_bug.cgi?id=529137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10209
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7377
https://rhn.redhat.com/errata/RHSA-2009-1540.html
https://rhn.redhat.com/errata/RHSA-2009-1548.html