

CVE-2025-38331

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: cortina: Use TOE/TSO on all TCP

It is desirable to push the hardware accelerator to also process non-segmented TCP frames: we pass the skb->len to the "TOE/TSO" offloader and it will handle them.

Without this quirk the driver becomes unstable and locks up and crashes.

I do not know exactly why, but it is probably due to the TOE (TCP offload engine) feature that is coupled with the segmentation feature - it is not possible to turn one part off and not the other, either both TOE and TSO are active, or neither of them.

Not having the TOE part active seems detrimental, as if that hardware feature is not really supposed to be turned off.

The datasheet says:

"Based on packet parsing and TCP connection/NAT table lookup results, the NetEngine puts the packets belonging to the same TCP connection to the same queue for the software to process. The NetEngine puts incoming packets to the buffer or series of buffers for a jumbo packet. With this hardware acceleration, IP/TCP header parsing, checksum validation and connection lookup are offloaded from the software processing."

After numerous tests with the hardware locking up after something between minutes and hours depending on load using iperf3 I have concluded this is necessary to stabilize the hardware.

POC

Reference

No PoCs from references.

Github

- https://github.com/w4zu/Debian_security