Message-ID: <4DA3BC0B.9030005@redhat.com>
Date: Tue, 12 Apr 2011 10:42:19 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Moritz Muehlenhoff <jmm@...ian.org>
Subject: Re: CVE requests: Three Linux kernel issues

> [3] http://permalink.gmane.org/gmane.linux.kernel/1124409 :
>
> | [PATCH] char: istallion: fix arbitrary kernel memory reads/writes
> |
> | stli_brdstats is defined as global variable. After de-BKL-ization in
> | the patch b4eda9cb48eac1b7 an access to the variable is not serialized
> | anymore. This leads to the TOCTOU in stli_getbrdstats():
[...]

de-BKL-ization patch b4eda9cb48eac1b7 happened in v2.6.36-rc1. I don't think this qualifies for a CVE as this is a staging driver (not supported, experimental, buggy, use at your own risk).

Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
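An added userspace model of the check-then-use pattern that the quoted patch description names; it is not code from the driver, the patch, or this message. All identifiers and values are hypothetical, and the concurrent caller is simulated with a hook instead of real threads. It shows why validating an unserialized global does not protect the later use, and how a per-call local copy (one common fix shape, assumed here) keeps the checked value and the used value identical.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model only; every name below is hypothetical, not the driver's. */
#define MAX_BRDS 4

struct brd_req { unsigned int brd; };

static int boards[MAX_BRDS] = { 10, 11, 12, 13 };
static struct brd_req g_req;      /* shared global with no lock around it */

/* Stands in for a second caller scheduled between the check and the use. */
static void (*interleave)(void);
static void racing_writer(void) { g_req.brd = 1000; } /* constructed value */

void set_interleave(int on) { interleave = on ? racing_writer : NULL; }

/* Racy shape: validate the global, then fetch it again for use.
 * Returns the index that would address boards[], or -1 if rejected. */
long index_used_racy(const struct brd_req *user)
{
    memcpy(&g_req, user, sizeof(g_req));
    if (g_req.brd >= MAX_BRDS)
        return -1;
    if (interleave)
        interleave();             /* window left open by missing serialization */
    return (long)g_req.brd;       /* second fetch: no longer the checked value */
}

/* Hardened shape: copy into a local so check and use see the same value. */
long index_used_safe(const struct brd_req *user)
{
    struct brd_req req;

    memcpy(&req, user, sizeof(req));
    if (req.brd >= MAX_BRDS)
        return -1;
    if (interleave)
        interleave();             /* the writer can only modify g_req */
    return (long)req.brd;
}

/* Bounds-checked lookup, used to confirm the safe index is in range. */
int board_value(long idx)
{
    return (idx >= 0 && idx < MAX_BRDS) ? boards[idx] : -1;
}
```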