Date: Mon, 27 Jun 2011 11:22:10 +0800 From: Eugene Teo <eteo@...hat.com> To: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org>, Joshua Bressers <bressers@...hat.com> Subject: Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions On 06/25/2011 04:19 AM, Petr Matousek wrote: > Description of the problem: > The normal mmap paths all avoid creating a mapping where the pgoff > inside the mapping could wrap around due to overflow. However, an > expanding mremap() can take such a non-wrapping mapping and make it > bigger and cause a wrapping condition. There is also another case > where we expand mappings hiding in plain sight: the automatic stack > expansion. > > The wrapping condition can cause a BUG_ON() due to terminally > confusing the vma_prio_tree code. Please use CVE-2011-2496. Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ