oss-sec mailing list archives
CVE request: kernel: alpha: fix several security issues
From: Eugene Teo <eugene () redhat com>
Date: Mon, 13 Jun 2011 13:36:12 +0800
https://lkml.org/lkml/2011/6/11/87; from Dan Rosenberg. 1. Signedness issue in osf_getdomainname allows copying out-of-bounds kernel memory to userland. 2. Signedness issue in osf_sysinfo allows copying large amounts of kernel memory to userland. 3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy size, allowing copying large amounts of kernel memory to userland. 4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows privilege escalation via writing return value of sys_wait4 to kernel memory. I didn't investigate further. Thanks, Eugene
Current thread:
- CVE request: kernel: alpha: fix several security issues Eugene Teo (Jun 12)
- Re: CVE request: kernel: alpha: fix several security issues Josh Bressers (Jun 15)