Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Nov 2013 11:10:33 +0100
From: Petr Matousek <>
To: Nico Golde <>
Subject: Re: some unstracked linux kernel security fixes


On Sun, Nov 03, 2013 at 05:32:52PM +0100, Nico Golde wrote:
> drivers/uio/uio.c: mapping of physical memory to user space without proper size check

there is a size check in uio_mmap() (the only caller of uio_mmap_physical()):

        requested_pages = vma_pages(vma);
        actual_pages = ((idev->info->mem[mi].addr & ~PAGE_MASK)
                        + idev->info->mem[mi].size + PAGE_SIZE -1) >> PAGE_SHIFT;
        if (requested_pages > actual_pages)
                return -EINVAL;

why it wasn't sufficient?

Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ