net: Fix memory leak/corruption on VLAN GRO_DROP

The function napi_reuse_skb is only meant to be used for packets merged by GRO. Using it on the VLAN path will lead to memory leaks/corruption. This patch is based on Jay Vosburgh's patch, and it fixes the problem by calling kfree_skb on the VLAN GRO_DROP path instead of napi_reuse_skb.

The fix for CVE-2011-1478 unveiled this issue. Note, this is not a CVE-2011-1478 regression.

Acknowledgements: Red Hat would like to thank Ryan Sweat for reporting this issue.
This issue does not affect the upstream kernel as the code path in question is no longer reachable due to changes in the VLAN subsystem.
Statement: This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support Generic Receive Offload (GRO). This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0927 https://rhn.redhat.com/errata/RHSA-2011-0927.html
Upstream commit: http://git.kernel.org/linus/3701e51382a026cba10c60b03efabe534fba4ca4
This issue has been addressed in following products: RHEV-H, V2V and Agents for RHEL-5 Via RHSA-2011:1090 https://rhn.redhat.com/errata/RHSA-2011-1090.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6.0.Z - Server Only Via RHSA-2011:1106 https://rhn.redhat.com/errata/RHSA-2011-1106.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1189 https://rhn.redhat.com/errata/RHSA-2011-1189.html
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2011:1253 https://rhn.redhat.com/errata/RHSA-2011-1253.html