Date: Tue, 1 Mar 2016 17:11:55 +0100
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: Ben Hutchings <>
Subject: CVE Request: Linux: aio write triggers integer overflow in some
 network protocols


We would like to request a CVE for the following issue in the Linux
kernel: (v4.1-rc1)

For the linux-stable:

For an upcoming Linux DSA in Debian we would use something like:

> Ben Hawkes of Google Project Zero reported that the AIO interface
> permitted reading or writing 2 GiB of data or more in a single
> chunk, which could lead to an integer overflow when applied to
> certain filesystems, socket or device types.  The full security
> impact has not been evaluated.

The issue was initially already addressed via (v3.5-rc1)

but then opened again due to (v3.10-rc1)

Can you please assign a CVE id for this issue?

