oss-sec mailing list archives
Re: CVE requests: Two kernel issues
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Tue, 9 Aug 2011 20:14:42 -0400
On Tue, Aug 9, 2011 at 6:49 PM, Eugene Teo <eugene () redhat com> wrote:
On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:>2. [SCSI] pmcraid: reject negative request size http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09dI don't have a PMC Sierra MaxRAID controller, so I am not sure what's the permissions give to /dev/pmcsas%u. I'm checking. Meanwhile, use CVE-2011-2906 for this issue. Thanks, Eugene
This isn't a security issue because there's a check for CAP_SYS_ADMIN on pmcraid_chr_open(), which is necessary to obtain a file descriptor to the device file in order to call the affected ioctl. Which is why I didn't bother CC'ing security () kernel org. ;-) -Dan
Current thread:
- CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 09)
- Re: CVE requests: Two kernel issues Eugene Teo (Aug 09)
- Re: CVE requests: Two kernel issues Dan Rosenberg (Aug 09)
- Re: CVE requests: Two kernel issues Eugene Teo (Aug 09)
- Re: CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 10)
- Re: CVE requests: Two kernel issues Eugene Teo (Aug 11)
- Re: CVE requests: Two kernel issues Yves-Alexis Perez (Aug 12)
- Re: CVE requests: Two kernel issues Eugene Teo (Aug 14)
- Re: CVE requests: Two kernel issues Dan Rosenberg (Aug 09)
- Re: CVE requests: Two kernel issues Eugene Teo (Aug 09)