Date: Thu, 23 Dec 2010 11:23:00 +0800
From: Eugene Teo <>
CC: "Steven M. Christey" <>
Subject: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES

From Dan Rosenbugs :>, "If the user-provided len is less than the
expected offset, the IRLMP_ENUMDEVICES getsockopt will do a
copy_to_user() with a very large size value.  While this isn't a
security issue on x86 because it will get caught by the access_ok()
check, it may leak large amounts of kernel heap on other architectures.
In any event, this patch fixes it."

Thanks, Eugene
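
A user-space model of the length arithmetic described in the quoted text, added here as an illustration; it is not the kernel patch or code from this thread. The sizes, the function names and the clamp-then-subtract shape are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes for illustration; not the kernel's irda structures. */
#define HDR_OFFSET 4u    /* bytes before the first device entry */
#define ENTRY_SIZE 32u   /* bytes per device entry */

/* Unchecked model: clamp the total to the caller's len, then subtract
 * the offset to get the size of the second copy. */
static size_t copy_size_unchecked(int len, unsigned entries)
{
    int total = (int)(HDR_OFFSET + entries * ENTRY_SIZE);

    if (total > len)
        total = len;
    /* When len < HDR_OFFSET the difference is negative; converted to
     * size_t it becomes a very large copy length. */
    return (size_t)(total - (int)HDR_OFFSET);
}

/* Checked model: reject a len shorter than the offset before doing any
 * arithmetic with it. Returns 0 and stores the size, or -EINVAL. */
static int copy_size_checked(int len, unsigned entries, size_t *out)
{
    if (len < (int)HDR_OFFSET)
        return -EINVAL;
    *out = copy_size_unchecked(len, entries);
    return 0;
}

int main(void)
{
    size_t n = 0;

    printf("unchecked, len=2:  %zu\n", copy_size_unchecked(2, 3));
    printf("checked,   len=2:  %d\n", copy_size_checked(2, 3, &n));
    if (copy_size_checked(64, 3, &n) == 0)
        printf("checked,   len=64: %zu\n", n);
    return 0;
}
```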
