Date: Fri, 22 Apr 2011 19:32:51 +0400 From: Vasiliy Kulikov <segoon@...nwall.com> To: Petr Matousek <pmatouse@...hat.com> Cc: oss-security@...ts.openwall.com Subject: Re: CVE request: kernel: buffer overflow and DoS issues in agp On Fri, Apr 22, 2011 at 11:11 -0400, Petr Matousek wrote: > > Another problem in agp code is not addressed in the patch - kernel > > memory > > exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not > > checked > > whether requested pid is a pid of the caller (no check in > > agpioc_reserve_wrap()). > > Each allocation is limited to 16KB, though, there is no per-process > > limit. > > This might lead to OOM situation, which is not even solved in case of > > the > > caller death by OOM killer - the memory is allocated for another > > (faked) > > process." > > Please use CVE-2011-1747. In https://bugzilla.redhat.com/show_bug.cgi?id=698999 it is said "Reference and patch:", but there is no patch for the issue (as I said in the patch description). I have no agp hardware and I cannot test whether forcing the requested pid to the current pid is a good idea (it might not). Thanks, -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ