Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 03 Jan 2011 10:56:35 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
CC: Eugene Teo <eugene@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: irda: prevent integer underflow
 in IRLMP_ENUMDEVICES

On 12/23/2010 08:53 AM, Eugene Teo wrote:
> From Dan Rosenbugs :>, "If the user-provided len is less than the
> expected offset, the IRLMP_ENUMDEVICES getsockopt will do a
> copy_to_user() with a very large size value.  While this isn't be a
> security issue on x86 because it will get caught by the access_ok()
> check, it may leak large amounts of kernel heap on other architectures.
>  In any event, this patch fixes it."

Assigned CVE-2010-4529 to this one.


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ