Date: Mon, 03 Jan 2011 10:56:35 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com CC: Eugene Teo <eugene@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES On 12/23/2010 08:53 AM, Eugene Teo wrote: > From Dan Rosenbugs :>, "If the user-provided len is less than the > expected offset, the IRLMP_ENUMDEVICES getsockopt will do a > copy_to_user() with a very large size value. While this isn't be a > security issue on x86 because it will get caught by the access_ok() > check, it may leak large amounts of kernel heap on other architectures. > In any event, this patch fixes it." Assigned CVE-2010-4529 to this one. -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ