CVE-2024-45030

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> igb: cope with large MAX_SKB_FRAGS<br /> <br /> Sabrina reports that the igb driver does not cope well with large<br /> MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload<br /> corruption on TX.<br /> <br /> An easy reproducer is to run ssh to connect to the machine. With<br /> MAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails. This has<br /> been reported originally in<br /> https://bugzilla.redhat.com/show_bug.cgi?id=2265320<br /> <br /> The root cause of the issue is that the driver does not take into<br /> account properly the (possibly large) shared info size when selecting<br /> the ring layout, and will try to fit two packets inside the same 4K<br /> page even when the 1st fraglist will trump over the 2nd head.<br /> <br /> Address the issue by checking if 2K buffers are insufficient.