[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: parisc: isa-eeprom missing
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-08-18 20:58:43
Message-ID: Pine.GSO.4.51.0908181656410.17763 () faron ! mitre ! org
[Download RAW message or body]


I wasn't sure how to interpret the phrase "poke in random memory" from the
bug comment and there wasn't enough source code context, so I guessed that
the impact is reading unexpected memory, but maybe it's also a crash or
whatever.

- Steve


======================================================
Name: CVE-2009-2846
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2846
Reference: MLIST:[oss-security] 20090810 CVE request: kernel: parisc: isa-eeprom missing lower \
                bound check
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/10/1
Reference: MLIST:[oss-security] 20090818 Re: CVE request: kernel: parisc: isa-eeprom missing \
                lower bound check
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/18/6
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6b4dbcd86a9d464057fcc7abe4d0574093071fcc


The eisa_eeprom_read function in the parisc isa-eeprom component
(drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6
allows local users to access restricted memory via a negative ppos
argument, which bypasses a check that assumes that ppos is positive
and causes an out-of-bounds read in the readb function.


[prev in list] [next in list] [prev in thread] [next in thread]