Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 Oct 2015 06:53:48 -0700
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux Kernel heap corruption on
 debug_read_tlb

On Thu, Oct 15, 2015 at 10:30:04AM +0200, Salva Peiró wrote:
> Hello,
> 
> Is there a CVE for this? If not, could one be assigned, please?
> 
>      https://patchwork.kernel.org/patch/6853351/
>      commit e203db293863fa15b4b1917d4398fb5bd63c4e88
>      iommu/omap: Fix debug_read_tlb() to use seq_printf()
> 
>      The debug_read_tlb() uses the sprintf() functions directly on the
> buffer
>      allocated by buf = kmalloc(count), without taking into account the size
>      of the buffer, with the consequence corrupting the heap, depending on
>      the count requested by the user.
> 
>      The patch fixes the issue replacing sprintf() by seq_printf().

For a root-only-readable file?  Why is a CVE needed?

thanks,

greg k-h

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ