Red Hat Customer Portal

Skip to main content


Public Date:
550907: CVE-2009-4537 kernel: r8169 issue reported at 26c3

The MITRE CVE dictionary describes this issue as:

drivers/net/r8169.c in the r8169 driver in the Linux kernel and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Find out more about CVE-2009-4537 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 7.1
Base Metrics AV:N/AC:M/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (kernel) RHSA-2010:0020 2010-01-08
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2010:0041 2010-01-21
Red Hat Enterprise Linux 5 (kernel) RHSA-2010:0019 2010-01-07
Red Hat Enterprise Virtualization Hypervisor 5 (rhev-hypervisor) RHSA-2010:0095 2010-02-09
Red Hat Enterprise Linux Extended Update Support 4.7 (kernel) RHSA-2010:0111 2010-02-16
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel) RHSA-2010:0053 2010-01-20
Red Hat Enterprise Linux EUS (v. 5.2 server) (kernel) RHSA-2010:0079 2010-02-02

Last Modified