[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES
From: Eugene Teo <eugene () redhat ! com>
Date: 2010-12-23 3:23:00
Message-ID: 4D12C094.4020005 () redhat ! com
[Download RAW message or body]
From Dan Rosenbugs :>, "If the user-provided len is less than the
expected offset, the IRLMP_ENUMDEVICES getsockopt will do a
copy_to_user() with a very large size value. While this isn't be a
security issue on x86 because it will get caught by the access_ok()
check, it may leak large amounts of kernel heap on other architectures.
In any event, this patch fixes it."
http://www.spinics.net/lists/netdev/msg150842.html
Thanks, Eugene2
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic