[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2010-2959 kernel: can: add limit for nframes and clean up signed/unsigned
From:       Eugene Teo <eugeneteo () kernel ! sg>
Date:       2010-08-20 8:09:03
Message-ID: 4C6E381F.4040502 () kernel ! sg
[Download RAW message or body]

Upstream commit: 5b75c4973ce779520b9d1e392483207d6f842cde

Discovered by Ben Hawkes. From the description of the patch: "This patch 
adds a limit for nframes as the number of frames in TX_SETUP and 
RX_SETUP are derived from a single byte multiplex value by default. 
Use-cases that would require to send/filter more than 256 CAN frames 
should be implemented in userspace for complexity reasons anyway.

Additionally the assignments of unsigned values from userspace to signed 
values in kernelspace and vice versa are fixed by using unsigned values 
in kernelspace consistently."

This can lead to a local denial of service or privilege escalation.

This can be mitigated by blacklisting the can/can_bcm modules.

https://bugzilla.redhat.com/CVE-2010-2959

I got the CVE name from a recent Ubuntu advisory.

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
[prev in list] [next in list] [prev in thread] [next in thread]