Date: Fri, 03 Jun 2011 14:47:39 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: Josh Bressers <bressers@...hat.com>, Timo Warns <warns@...-sense.de>, coley <coley@...re.org> Subject: Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables On 02/25/2011 04:22 AM, Josh Bressers wrote: > > ----- Original Message ----- >> On Thu, 2011-02-24 at 09:25 +0800, Eugene Teo wrote: >>> On 02/24/2011 03:59 AM, Josh Bressers wrote: >>>> ----- Original Message ----- >>>>> >>>>> The kernel automatically evaluates partition tables of storage >>>>> devices. The code for evaluating LDM partitions (in >>>>> fs/partitions/ldm.c) contains a bug that allows to overflow the >>>>> kernel heap. It may be possible to escalate privileges by exploiting >>>>> this bug. [...] > I would still like something along the lines of a proposed patch. I believe > you folks (as you're much brighter than me), but I still don't quite grasp > the difference. I suspect there is enough public information for MITRE to > public a CVE though, so please use CVE-2011-1017. It was reported that the fix for this is insufficient. I have assigned CVE-2011-2182 to this. See https://lkml.org/lkml/2011/5/6/407. Timo, can you please post the patch here once you have submitted it to lkml for review. Thanks. Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ