Date: Fri, 22 Apr 2011 06:15:15 -1000
From: akuster <akuster@...sta.com>
To: oss-security@...ts.openwall.com
CC: Vasiliy Kulikov <segoon@...nwall.com>, Petr Matousek <pmatouse@...hat.com>
Subject: Re: CVE request: kernel: buffer overflow and DoS issues in agp

I am a bit confused.

https://bugzilla.redhat.com/show_bug.cgi?id=698999 references
https://lkml.org/lkml/2011/4/14/294 which is assigned to CVE-2011-1746 not
CVE-2011-1747.

Is there a patch for CVE-2011-1747?

- Armin

On 04/22/2011 05:32 AM, Vasiliy Kulikov wrote:
> On Fri, Apr 22, 2011 at 11:11 -0400, Petr Matousek wrote:
>>> Another problem in agp code is not addressed in the patch - kernel memory
>>> exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not checked
>>> whether requested pid is a pid of the caller (no check in
>>> agpioc_reserve_wrap()).
>>> Each allocation is limited to 16KB, though, there is no per-process limit.
>>> This might lead to OOM situation, which is not even solved in case of the
>>> caller death by OOM killer - the memory is allocated for another (faked)
>>> process."
>>
>> Please use CVE-2011-1747.
>
> In https://bugzilla.redhat.com/show_bug.cgi?id=698999 it is said
> "Reference and patch:", but there is no patch for the issue (as I said
> in the patch description). I have no agp hardware and I cannot test
> whether forcing the requested pid to the current pid is a good idea (it
> might not).
>
> Thanks,
>