Date: Thu, 15 Oct 2015 06:53:48 -0700 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb On Thu, Oct 15, 2015 at 10:30:04AM +0200, Salva Peiró wrote: > Hello, > > Is there a CVE for this? If not, could one be assigned, please? > > https://patchwork.kernel.org/patch/6853351/ > commit e203db293863fa15b4b1917d4398fb5bd63c4e88 > iommu/omap: Fix debug_read_tlb() to use seq_printf() > > The debug_read_tlb() uses the sprintf() functions directly on the > buffer > allocated by buf = kmalloc(count), without taking into account the size > of the buffer, with the consequence corrupting the heap, depending on > the count requested by the user. > > The patch fixes the issue replacing sprintf() by seq_printf(). For a root-only-readable file? Why is a CVE needed? thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ