[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request - kernel: char: Int overflow in lp_do_ioctl()
From: Greg KH <greg () kroah ! com>
Date: 2013-12-31 7:05:01
Message-ID: 20131231070501.GA5874 () kroah ! com
[Download RAW message or body]
On Tue, Dec 31, 2013 at 02:33:57PM +0800, Yongjian Xu wrote:
> Hi,
>
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=1c2de820d66d704c7d6fffdd872b7670eb4e29bb
>
> This is an integer overflow, and can be controlled via ioctl.
>
> arg comes from user-space, so int overflow may occur in this:
> LP_TIME(minor) = arg * HZ/100;
What exactly can happen if you set that value to a really high number?
(hint, I really don't think anything happens at all, no matter what you
set that value to...)
How does this warrent a CVE?
thanks,
greg k-h
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic