Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 27 Jun 2011 11:22:36 +0800
From: Eugene Teo <>
CC: Dan Rosenberg <>
Subject: Re: CVE request: kernel: remote buffer overflow in

On 06/25/2011 07:15 AM, Dan Rosenberg wrote:
> A remote user can provide a small value for the command size field in
> the command header of an l2cap configuration request, resulting in an
> integer underflow when subtracting the size of the configuration request
> header.  This results in copying a very large amount of data via
> memcpy() and destroying the kernel heap. [1]
> -Dan
> [1]

Please use CVE-2011-2497.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ