Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 27 Jun 2011 11:22:10 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Joshua Bressers <bressers@...hat.com>
Subject: Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap()
 and stack expansions

On 06/25/2011 04:19 AM, Petr Matousek wrote:
> Description of the problem:
> The normal mmap paths all avoid creating a mapping where the pgoff
> inside the mapping could wrap around due to overflow.  However, an
> expanding mremap() can take such a non-wrapping mapping and make it
> bigger and cause a wrapping condition. There is also another case
> where we expand mappings hiding in plain sight: the automatic stack
> expansion.
> 
> The wrapping condition can cause a BUG_ON() due to terminally
> confusing the vma_prio_tree code.

Please use CVE-2011-2496.

Eugene

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ