Some background around the e1kFallbackAddToFrame bug #8

Open
schomatis opened this issue Nov 7, 2018 · 0 comments

@schomatis

This bug was first reported a year ago in

https://github.com/fundacion-sadosky/vbox_cve_2017_10235

after the patch was released by Oracle in

https://www.virtualbox.org/changeset/67974/vbox

but it seems the bug has been reintroduced since then, when the checks around u16MaxPktLen were moved to another function (that can be bypassed) in

https://www.virtualbox.org/changeset/68727/vbox

Personally, I do not agree with this type of disclosure, but I do have to note that the obscure way Oracle handled the security advisory in the CPU of July 2017 gave very little visibility to the bug, and with our own security advisory release having very little impact, it made it very easy for the bug to creep up again, since it hasn't been acknowledged that the e1kFallbackAddToFrame function is very insecure.

/cc @jheguia
