RE: [PATCH net 2/2] r8152: rx descriptor check
From: Hayes Wang
Date: Mon Nov 14 2016 - 01:44:17 EST
Francois Romieu [mailto:romieu@xxxxxxxxxxxxx]
> Sent: Friday, November 11, 2016 8:13 PM
[...]
> Invalid packet size corrupted receive descriptors in Realtek's device
> reminds of CVE-2009-4537.

Do you mean that the driver would get a packet exceeding the size
which is set to RxMaxSize? I checked it with our hw engineers.
They don't get any issue about RxMaxSize. And their test for
the RxMaxSize register is fine.

> Is the silicon of both devices different enough to prevent the same
> exploit from happening?

For this case, I don't think the device provides an invalid value
for the receive descriptors. However, the driver sees a different
value. That is why I say the memory is unbelievable.

Best Regards,
Hayes