Date: Tue, 28 Jun 2016 12:54:10 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>,
	Takashi Iwai <tiwai@...e.de>, cve-assign@...re.org
Subject: CVE Request: integer overflow in ALSA snd_compress_check_input

Hi,

Someone seems to have assigned CVE-2014-9904 to commit 

commit 6217e5ede23285ddfee10d2e4ba0cc2d4c046205
Author: Dan Carpenter <dan.carpenter@...cle.com>
Date:   Wed Jul 16 09:37:04 2014 +0300

    ALSA: compress: fix an integer overflow check
    
    I previously added an integer overflow check here but looking at it now,
    it's still buggy.
    
    The bug happens in snd_compr_allocate_buffer().  We multiply
    ".fragments" and ".fragment_size" and that doesn't overflow but then we
    save it in an unsigned int so it truncates the high bits away and we
    allocate a smaller than expected size.
    
    Fixes: b35cc8225845 ('ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()')
    Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
    Signed-off-by: Takashi Iwai <tiwai@...e.de>


but there was no 2012 CVE assignment to the original fixing commit b35cc8225845 as far as I see:

commit b35cc8225845112a616e3a2266d2fde5ab13d3ab
Author: Dan Carpenter <dan.carpenter@...cle.com>
Date:   Wed Sep 5 15:32:18 2012 +0300

    ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()
    
    These are 32 bit values that come from the user, we need to check for
    integer overflows or we could end up allocating a smaller buffer than
    expected.
    
    Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
    Signed-off-by: Takashi Iwai <tiwai@...e.de>


Is there a 2012 CVE for it?

Ciao, Marcus
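
The following is an added illustration and is not part of the original message or of the kernel source: a simplified C model of what the two quoted commit messages describe, where an overflow check that bounds the product of ".fragments" and ".fragment_size" against a wide type still lets a value through that is truncated when saved in an unsigned int. The struct and function names are hypothetical, uint64_t stands in for a 64-bit size_t, and INT_MAX as the narrower bound is an assumption of this sketch.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two 32-bit values that come from the user. */
struct frag_params {
    uint32_t fragments;
    uint32_t fragment_size;
};

/* Bound against the 64-bit maximum (uint64_t models a 64-bit size_t).
 * With 32-bit inputs the product always fits, so only size 0 is rejected. */
static int check_wide(const struct frag_params *p)
{
    if (p->fragment_size == 0 ||
        p->fragments > UINT64_MAX / p->fragment_size)
        return -1;
    return 0;
}

/* Bound chosen to fit the type the result is stored in (assumed: INT_MAX). */
static int check_narrow(const struct frag_params *p)
{
    if (p->fragment_size == 0 ||
        p->fragments > (uint32_t)INT_MAX / p->fragment_size)
        return -1;
    return 0;
}

/* Size the caller expects: the full 64-bit product. */
static uint64_t expected_size(const struct frag_params *p)
{
    return (uint64_t)p->fragments * p->fragment_size;
}

/* Size actually kept: the same product saved in an unsigned int. */
static unsigned int stored_size(const struct frag_params *p)
{
    return (unsigned int)expected_size(p);
}

int main(void)
{
    struct frag_params p = { 0x10000, 0x10001 }; /* constructed sample values */
    printf("wide=%d narrow=%d expected=%llu stored=%u\n",
           check_wide(&p), check_narrow(&p),
           (unsigned long long)expected_size(&p), stored_size(&p));
    return 0;
}
```

With the constructed values, the wide check accepts the request while the stored size is far smaller than the expected one; the narrow check rejects it.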
