'[oss-security] CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES
From:       Eugene Teo <eugene () redhat ! com>
Date:       2010-12-23 3:23:00
Message-ID: 4D12C094.4020005 () redhat ! com
[Download RAW message or body]

 From Dan Rosenbugs :>, "If the user-provided len is less than the 
expected offset, the IRLMP_ENUMDEVICES getsockopt will do a 
copy_to_user() with a very large size value.  While this isn't be a 
security issue on x86 because it will get caught by the access_ok() 
check, it may leak large amounts of kernel heap on other architectures. 
  In any event, this patch fixes it."

http://www.spinics.net/lists/netdev/msg150842.html

Thanks, Eugene2
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic