Date: Fri, 22 Apr 2011 06:15:15 -1000
From: akuster <akuster@...sta.com>
To: oss-security@...ts.openwall.com
CC: Vasiliy Kulikov <segoon@...nwall.com>, 
 Petr Matousek <pmatouse@...hat.com>
Subject: Re: CVE request: kernel: buffer overflow and DoS issues in agp


I am a bit confused.

https://bugzilla.redhat.com/show_bug.cgi?id=698999 references
https://lkml.org/lkml/2011/4/14/294

which is assigned to CVE-2011-1746, not CVE-2011-1747.

Is there a patch for CVE-2011-1747?

- Armin

On 04/22/2011 05:32 AM, Vasiliy Kulikov wrote:
> On Fri, Apr 22, 2011 at 11:11 -0400, Petr Matousek wrote:
>>> Another problem in agp code is not addressed in the patch - kernel memory
>>> exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not checked
>>> whether requested pid is a pid of the caller (no check in
>>> agpioc_reserve_wrap()). Each allocation is limited to 16KB, though, there
>>> is no per-process limit. This might lead to OOM situation, which is not
>>> even solved in case of the caller death by OOM killer - the memory is
>>> allocated for another (faked) process."
>>
>> Please use CVE-2011-1747.
> 
> In https://bugzilla.redhat.com/show_bug.cgi?id=698999 it is said
> "Reference and patch:", but there is no patch for the issue (as I said
> in the patch description).  I have no agp hardware and I cannot test
> whether forcing the requested pid to the current pid is a good idea (it
> might not).
> 
> Thanks,
> 
