oss-sec mailing list archives
CVE request -- kernel: proc: signedness issue in next_pidmap()
From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 19 Apr 2011 07:54:37 -0400 (EDT)
"A signedness issue has been found in next_pidmap() function when the "last" parameter is negative as next_pidmap() just quietly accepted whatever "last" pid that was passed in, which is not all that safe when one of the users is /proc. Setting f_pos to negative value when accessing /proc via readdir()/getdents() resulted in sign extension of this value when map pointer was being constructed. This later lead to #GP because the final pointer was not canonical (x86_64)." References: https://bugzilla.redhat.com/show_bug.cgi?id=697822 http://groups.google.com/group/fa.linux.kernel/browse_thread/thread/93c1088451fd3522/4a28ecb7f755a88d?#4a28ecb7f755a88d Upstream commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c78193e9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d8bdc59f Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request -- kernel: proc: signedness issue in next_pidmap() Petr Matousek (Apr 19)
- Re: CVE request -- kernel: proc: signedness issue in next_pidmap() Eugene Teo (Apr 19)