Date: Thu, 23 Dec 2010 11:23:00 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES

From Dan Rosenbugs :>, "If the user-provided len is less than the
expected offset, the IRLMP_ENUMDEVICES getsockopt will do a
copy_to_user() with a very large size value.  While this isn't a
security issue on x86 because it will get caught by the access_ok()
check, it may leak large amounts of kernel heap on other architectures.
In any event, this patch fixes it."

http://www.spinics.net/lists/netdev/msg150842.html

Thanks, Eugene
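
A userspace model of the size calculation the quoted description implies, added here as an example; it is not the kernel's code and not part of the original message. The constants, function names and the clamp-then-subtract shape are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes for illustration; not the kernel's struct layout. */
#define HDR_OFFSET  4u    /* bytes written before the first list entry */
#define ENTRY_SIZE  32u   /* bytes per list entry */

/* Unchecked model (assumed shape): clamp the total to the caller's len,
 * then subtract the header offset to get the size of the second copy. */
static size_t copy_size_unchecked(size_t len, size_t entries)
{
    size_t total = HDR_OFFSET + entries * ENTRY_SIZE;
    if (total > len)
        total = len;
    return total - HDR_OFFSET;   /* unsigned: wraps when len < HDR_OFFSET */
}

/* Checked model: reject a buffer too short to hold the header.
 * Returns 0 and sets *out on success, -1 when len is below the offset. */
static int copy_size_checked(size_t len, size_t entries, size_t *out)
{
    size_t total;

    if (len < HDR_OFFSET)
        return -1;
    total = HDR_OFFSET + entries * ENTRY_SIZE;
    if (total > len)
        total = len;
    *out = total - HDR_OFFSET;
    return 0;
}

int main(void)
{
    size_t n = 0;

    /* len = 2 is below the 4-byte offset: the subtraction wraps. */
    printf("unchecked len=2:  %zu\n", copy_size_unchecked(2, 3));
    printf("checked   len=2:  rc=%d\n", copy_size_checked(2, 3, &n));
    if (copy_size_checked(50, 3, &n) == 0)
        printf("checked   len=50: %zu\n", n);
    return 0;
}
```

On a platform where no later range check rejects the wrapped size, the unchecked result is what the copy would be asked to transfer, which is the leak the quoted text describes.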
