|
Message-ID: <4C6E381F.4040502@kernel.sg> Date: Fri, 20 Aug 2010 16:09:03 +0800 From: Eugene Teo <eugeneteo@...nel.sg> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE-2010-2959 kernel: can: add limit for nframes and clean up signed/unsigned variables Upstream commit: 5b75c4973ce779520b9d1e392483207d6f842cde Discovered by Ben Hawkes. From the description of the patch: "This patch adds a limit for nframes as the number of frames in TX_SETUP and RX_SETUP are derived from a single byte multiplex value by default. Use-cases that would require to send/filter more than 256 CAN frames should be implemented in userspace for complexity reasons anyway. Additionally the assignments of unsigned values from userspace to signed values in kernelspace and vice versa are fixed by using unsigned values in kernelspace consistently." This can lead to a local denial of service or privilege escalation. This can be mitigated by blacklisting the can/can_bcm modules. https://bugzilla.redhat.com/CVE-2010-2959 I got the CVE name from a recent Ubuntu advisory. Thanks, Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.