You have been subscribed to a public bug: Description: qeth: fix length check in SNMP processing Symptom: Undefined behaviour. Problem: The response for a SNMP request can consist of multiple parts, which the cmd callback stages into a kernel buffer until all parts have been received. If the callback detects that the staging buffer provides insufficient space, it bails out with error. This processing is buggy for the first part of the response - while it initially checks for a length of 'data_len', it later copies an additional amount of 'offsetof(struct qeth_snmp_cmd, data)' bytes. Solution: Fix the calculation of 'data_len' for the first part of the response. Upstream-ID: 9a764c1e59684c0358e16ccaafd870629f2cfe67
Should be applied to all Ubuntu Releases in Service ** Affects: linux (Ubuntu) Importance: Undecided Assignee: Skipper Bug Screeners (skipper-screen-team) Status: New ** Tags: architecture-s39064 bugnameltc-173661 severity-high targetmilestone-inin1810 -- [UBUNTU] qeth: fix length check in SNMP processing https://bugs.launchpad.net/bugs/1805802 You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp