Linux · Linux Kernel · CVE-2024-49997
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A memory disclosure issue has been identified in the Linux kernel, specifically in the `lantiq_etop` driver. When the driver pads short Ethernet frames, the padding region of the buffer is not zeroed, so the bytes already present in that memory are transmitted with the frame. The disclosure is observable on the wire. The patch that addresses this uses the `skb_put_padto()` function to pad Ethernet frames, which ensures the expanded part of the buffer is zeroed. If a packet cannot be padded, it is silently dropped without incrementing statistics. This issue affects the Ethernet MACs on Amazon-SE and Danube, which cannot perform packet padding in hardware and thus require software padding.
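The padding flaw and its fix, modeled in userspace C as an added example (this is not code from the kernel driver or from the patch). `struct tx_buf`, `pad_len_only()`, `pad_zeroed()`, `leaked_pad_bytes()` and the 0xA5 fill are hypothetical names and constructed sample data; the -1 return models the case where a packet cannot be padded and is dropped.

```c
#include <stdio.h>
#include <string.h>
#define MIN_FRAME_LEN 60  /* minimum Ethernet frame length without FCS */

struct tx_buf { unsigned char data[128]; size_t cap, len; };  /* hypothetical model */

static void load_frame(struct tx_buf *b, const unsigned char *frame, size_t n)
{
    memset(b->data, 0xA5, sizeof(b->data));  /* constructed: models stale memory */
    memcpy(b->data, frame, n);
    b->cap = sizeof(b->data);
    b->len = n;
}

/* Flawed padding: only the length grows, so stale bytes are sent as padding. */
static void pad_len_only(struct tx_buf *b)
{
    if (b->len < MIN_FRAME_LEN) b->len = MIN_FRAME_LEN;
}

/* Corrected padding: zero the added tail; -1 tells the caller to drop the frame. */
static int pad_zeroed(struct tx_buf *b)
{
    if (b->len >= MIN_FRAME_LEN) return 0;
    if (b->cap < MIN_FRAME_LEN) return -1;
    memset(b->data + b->len, 0, MIN_FRAME_LEN - b->len);
    b->len = MIN_FRAME_LEN;
    return 0;
}

/* Count non-zero bytes between the original frame end and the padded length. */
static size_t leaked_pad_bytes(const struct tx_buf *b, size_t orig_len)
{
    size_t i, n = 0;
    for (i = orig_len; i < b->len; i++) n += (b->data[i] != 0);
    return n;
}

int main(void)
{
    const unsigned char frame[20] = { 0x01, 0x02 };  /* constructed short frame */
    struct tx_buf b;
    load_frame(&b, frame, sizeof(frame));
    pad_len_only(&b);
    printf("length-only: %zu stale bytes\n", leaked_pad_bytes(&b, sizeof(frame)));
    load_frame(&b, frame, sizeof(frame));
    if (pad_zeroed(&b) == 0)
        printf("zeroed: %zu stale bytes\n", leaked_pad_bytes(&b, sizeof(frame)));
    return 0;
}
```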
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.