Date: Thu, 15 Oct 2015 10:30:04 +0200 From: Salva Peiró <speiro@....upv.es> To: oss-security@...ts.openwall.com Subject: CVE Request: Linux Kernel heap corruption on debug_read_tlb Hello, Is there a CVE for this? If not, could one be assigned, please? https://patchwork.kernel.org/patch/6853351/ commit e203db293863fa15b4b1917d4398fb5bd63c4e88 iommu/omap: Fix debug_read_tlb() to use seq_printf() The debug_read_tlb() uses the sprintf() functions directly on the buffer allocated by buf = kmalloc(count), without taking into account the size of the buffer, with the consequence corrupting the heap, depending on the count requested by the user. The patch fixes the issue replacing sprintf() by seq_printf(). -- Salva Peiró @ https://speirofr.appspot.com CS Researcher & Software Engineer Universitat Politècnica de València, Spain.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ