[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: multiple kernel stack memory
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2010-10-25 21:52:36
Message-ID: Pine.GSO.4.64.1010251751270.20275 () faron ! mitre ! org
[Download RAW message or body]
All,
I apologize for taking so long to handle this. Dan, thanks for being
so diligent about digging up more information! That couldn't have
been easy, let alone fun.
- Steve
========================================================================
http://www.openwall.com/lists/oss-security/2010/10/07/1
Author: Dan Rosenberg
> ipc/shm.c (shmctl), reported and fixed by Kees Cook
> Affects >= 2.6.0, >= 2.4.0
>
> Reference:
> http://lkml.org/lkml/2010/10/6/454
CVE-2010-4072
> ipc/compat.c (compat versions of semctl, shmctl, and msgctl)
> Affects >= 2.6.8
>
> ipc/compat_mq (compat versions of mq_open and mq_getsetattr)
> Affects >= 2.6.8
>
> Reference:
> http://lkml.org/lkml/2010/10/6/492
CVE-2010-4073
========================================================================
http://www.openwall.com/lists/oss-security/2010/10/06/6
Author: Dan Rosenberg
Due to the high variation in affected kernel versions, most of these
are SPLIT.
>TIOCGICOUNT stack leaks:
(see http://lkml.org/lkml/2010/9/16/294)
> usb/serial/mos*.c
> Fixed in 2.6.36-rc5
> Affects >= 2.6.19
CVE-2010-4074
>drivers/serial/serial_core.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0
CVE-2010-4075
>drivers/char/amiserial.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.0, >= 2.4.0
CVE-2010-4076
>drivers/char/nozomi.c
>Not fixed yet (Alan Cox's fix will be in 2.6.37)
>Affects >= 2.6.25
CVE-2010-4077
>drivers/net/usb/hso.c (CVE-2010-3298)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.29
Already assigned - CVE-2010-3298
>FBIOGET_VBLANK stack leaks:
>drivers/video/sis/sis_main.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.11
CVE-2010-4078
>drivers/video/ivtv/ivtvfb.c
>Not fixed yet (patch has been queued)
>Affects >= 2.6.24
CVE-2010-4079
>Miscellaneous device ioctl stack leaks:
>sound/pci/rme9652/hdsp*.c
>Fixed in 2.6.36-rc6
>Affects >= 2.6.0 (hdsp.c), >= 2.6.13 (hdspm.c)
These are SPLIT because the affected files are in different versions.
hdsp.c - CVE-2010-4080
hdspm.c - CVE-2010-4081
>drivers/video/via/ioctl.c
>Fixed in 2.6.36-rc5
>Affects >= 2.6.28
CVE-2010-4082
>drivers/net/cxgb3/cxgb3_main.c (CVE-2010-3296)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.21
Already assigned - CVE-2010-3296
>drivers/net/eql.c (CVE-2010-3297)
>Fixed in 2.6.36-rc5
>Affects >= 2.6.0, >= 2.4.0
Already assigned - CVE-2010-3297
>System call stack leak:
>ipc/sem.c
>Not fixed yet (patch queued)
>Affects >= 2.6.0, >= 2.4.0
Presumably the lack of a current patch means this will affect a
different version than CVE-2010-4072 (ipc/shm.c shmctl), see above.
CVE-2010-4083
- Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic