Lennert Buytenhek

Researcher fromArista
#13036of 53,635
20.4Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2025-8155
5.5
2022-02-07
Linux · Linux Kernel · CVE-2022-49227
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue occurs when changing RX ring parameters using ethtool, which triggers kernel warnings. The `igc ethtool set ringparam()` function neglects to reset the `xdp rxq info` member before calling `igc setup rx resources()`, resulting in a warning. This happens when the `ethtool` command is used to change RX ring parameters, such as `$ ethtool -G eth0 rx 1024`. The vulnerability is related to the `igc` driver and the `xdp rxq info reg()` function. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider avoiding the use of the `ethtool` command to change RX ring parameters until a patch is available. Additionally, restricting access to the `igc` driver or the `xdp rxq info reg()` function may help minimize the risk of exploitation.
PT-2009-6209
7.8
2009-12-02
Linux · Linux Kernel · CVE-2009-4026
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.32-rc8-next-20091201 **Description** The issue is related to the mac80211 subsystem and allows remote attackers to cause a denial of service, resulting in a system panic. This is achieved by sending a crafted Delete Block ACK packet. The problem is linked to an erroneous code shuffling patch. **Recommendations** For Linux kernel versions prior to 2.6.32-rc8-next-20091201, update to version 2.6.32-rc8-next-20091201 or later to resolve the issue.
PT-2009-6210
7.1
2009-12-02
Linux · Linux Kernel · CVE-2009-4027
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.32-rc8-next-20091201 **Description** A race condition exists in the mac80211 subsystem, allowing remote attackers to cause a denial of service, resulting in a system crash. This occurs when a Delete Block ACK packet triggers a specific state change without an aggregation session present. **Recommendations** For Linux kernel versions prior to 2.6.32-rc8-next-20091201, update to version 2.6.32-rc8-next-20091201 or later to resolve the issue.