Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Mar 2011 19:58:37 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: kernel: AudioScience HPI driver

On 03/18/2011 07:18 PM, Dan Rosenberg wrote:
> "The user-supplied index into the adapters array needs to be checked, or
> an out-of-bounds kernel pointer could be accessed and used, leading to
> potentially exploitable memory corruption."
>
> This may be triggered by a user with access to an appropriate device
> file, which I'd expect would be restricted to group 'audio'.  And
> you'd need to have this particular driver loaded, either by using the
> appropriate hardware or finding a new way to force it to be loaded in
> violation of security policy.
>
> Regards,
> Dan
>
> [1] http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=4a122c10fbfe9020df469f0f669da129c5757671

Please use CVE-2011-1169.

Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.