oss-sec mailing list archives
CVE request: kernel: heap corruption in IrDA
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Sun, 20 Mar 2011 15:26:53 -0400
When providing an invalid IrDA nickname for an IrNET peer, a local attacker can cause a kernel panic due to an underflow in a memcpy() size calculation or cause a controllable heap overflow that may lead to privilege escalation. Write access to the /dev/irnet device file is required to trigger the vulnerability. Reference: http://marc.info/?l=linux-netdev&m=130060169116047&w=2 Regards, Dan
Current thread:
- CVE request: kernel: heap corruption in IrDA Dan Rosenberg (Mar 20)
- Re: CVE request: kernel: heap corruption in IrDA Eugene Teo (Mar 20)
- Re: CVE request: kernel: heap corruption in IrDA Dan Rosenberg (Mar 21)
- Re: CVE request: kernel: heap corruption in IrDA Eugene Teo (Mar 22)
- Re: CVE request: kernel: heap corruption in IrDA Dan Rosenberg (Mar 21)
- Re: CVE request: kernel: heap corruption in IrDA Eugene Teo (Mar 20)