[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2011-2906 should have been rejected (kernel non-security issue)
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2012-05-25 4:11:09
Message-ID: 20120525041109.GN1286 () redhat ! com
[Download RAW message or body]

Hi, Steve.  Just a friendly heads-up on what came through CVENEW today:

> Name: CVE-2011-2906 (kernel)
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2906 [Open
> URL]
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed:
> Assigned: 20110727
> Category:
> Reference: MLIST:[oss-security] 20110810 Re: CVE requests: Two kernel
> issues
> Reference: URL:http://www.openwall.com/lists/oss-security/2011/08/09/8
> [Open URL]
> Reference:
> CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-
> [Open URL]
> 2.6.git;a=commit;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09d
> Reference:
> CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
> [Open URL]
> Reference:
> CONFIRM:https://github.com/torvalds/linux/commit/b5b515445f4f5a905c5dd27e6e682868ccd6c09d
> [Open URL]
> 
> Integer signedness error in the pmcraid_ioctl_passthrough function in
> drivers/scsi/pmcraid.c in the Linux kernel before 3.1 allows local
> users to cause a denial of service (memory consumption or memory
> corruption) via a negative size value in an ioctl call.

This should be rejected as per the message two responses after the first
reference above:

http://www.openwall.com/lists/oss-security/2011/08/10/2

where Eugene says, based on the "this isn't a security flaw" message
from Dan Rosenberg.

Can you add a "REJECT" or "DISPUTED" note or whatever?  This probably
should have never been written up.

Thanks.

-- 
Vincent Danen / Red Hat Security Response Team 
[prev in list] [next in list] [prev in thread] [next in thread]