Message-ID: <CAJpd-bHmTaQ37Tykmfu7HAJrfu1JuW7wgFR32u1MWy0BjcTv6Q@mail.gmail.com>
Date: Thu, 15 Oct 2015 10:30:04 +0200
From: Salva Peiró <speiro@....upv.es>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Linux Kernel heap corruption on debug_read_tlb

Hello,

Is there a CVE for this? If not, could one be assigned, please?

https://patchwork.kernel.org/patch/6853351/

commit e203db293863fa15b4b1917d4398fb5bd63c4e88
iommu/omap: Fix debug_read_tlb() to use seq_printf()

The debug_read_tlb() uses the sprintf() functions directly on the buffer
allocated by buf = kmalloc(count), without taking into account the size
of the buffer, with the consequence of corrupting the heap, depending on
the count requested by the user.

The patch fixes the issue by replacing sprintf() with seq_printf().

--
Salva Peiró @ https://speirofr.appspot.com
CS Researcher & Software Engineer
Universitat Politècnica de València, Spain.
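The bug class described in the message above, modelled in userspace as an added example (not part of the original post and not the kernel driver's code). The entry layout, format string and function names are assumptions, and the bounded form uses snprintf() with explicit length tracking rather than the seq_printf() of the actual patch:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NENT 32                       /* constructed entry count */
struct entry { unsigned cam, ram; };  /* constructed stand-in, not the driver's layout */
static const struct entry tlb[NENT];  /* constructed sample data (all zero) */

/* Pattern from the report: nothing ties the bytes written to buf's size. */
size_t dump_unbounded(char *buf, const struct entry *e, size_t n)
{
    char *p = buf;
    for (size_t i = 0; i < n; i++)
        p += sprintf(p, "%02zu: %08x %08x\n", i, e[i].cam, e[i].ram);
    return (size_t)(p - buf);
}

/* Bounded form: truncates at count instead of writing past the buffer. */
size_t dump_bounded(char *buf, size_t count, const struct entry *e, size_t n)
{
    size_t used = 0;
    for (size_t i = 0; i < n && used + 1 < count; i++) {
        int w = snprintf(buf + used, count - used, "%02zu: %08x %08x\n",
                         i, e[i].cam, e[i].ram);
        if (w < 0) break;
        /* snprintf() returns the untruncated length: clamp to bytes stored */
        used += (size_t)w >= count - used ? count - used - 1 : (size_t)w;
    }
    return used;
}

/* Bounded dump into count heap bytes plus 16 guard bytes; returns bytes
 * stored, or (size_t)-1 if allocation failed or a guard byte changed. */
size_t demo_bounded(size_t count)
{
    unsigned char *buf = malloc(count + 16);
    if (!buf) return (size_t)-1;
    memset(buf, 0xAA, count + 16);
    size_t used = dump_bounded((char *)buf, count, tlb, NENT);
    for (size_t i = 0; i < 16; i++)
        if (buf[count + i] != 0xAA) used = (size_t)-1;
    free(buf);
    return used;
}

int main(void)
{
    printf("64 -> %zu, 1024 -> %zu\n", demo_bounded(64), demo_bounded(1024));
    return 0;
}
```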