Date: Fri, 22 Apr 2011 19:32:51 +0400
From: Vasiliy Kulikov <>
To: Petr Matousek <>
Subject: Re: CVE request: kernel: buffer overflow and DoS issues in agp

On Fri, Apr 22, 2011 at 11:11 -0400, Petr Matousek wrote:
> > Another problem in agp code is not addressed in the patch - kernel
> > memory exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is
> > not checked whether requested pid is a pid of the caller (no check in
> > agpioc_reserve_wrap()). Each allocation is limited to 16KB, though,
> > there is no per-process limit. This might lead to OOM situation,
> > which is not even solved in case of the caller death by OOM killer -
> > the memory is allocated for another (faked) process."
> Please use CVE-2011-1747.

In it is said
"Reference and patch:", but there is no patch for the issue (as I said
in the patch description).  I have no agp hardware and I cannot test
whether forcing the requested pid to the current pid is a good idea (it
might not).


Vasiliy Kulikov - bringing security into open computing environments
