Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 20 Aug 2010 16:09:03 +0800
From: Eugene Teo <>
CC: "Steven M. Christey" <>
Subject: CVE-2010-2959 kernel: can: add limit for nframes and clean up signed/unsigned

Upstream commit: 5b75c4973ce779520b9d1e392483207d6f842cde

Discovered by Ben Hawkes. From the description of the patch: "This patch 
adds a limit for nframes as the number of frames in TX_SETUP and 
RX_SETUP are derived from a single byte multiplex value by default. 
Use-cases that would require to send/filter more than 256 CAN frames 
should be implemented in userspace for complexity reasons anyway.

Additionally the assignments of unsigned values from userspace to signed 
values in kernelspace and vice versa are fixed by using unsigned values 
in kernelspace consistently."

This can lead to a local denial of service or privilege escalation.

This can be mitigated by blacklisting the can/can_bcm modules.

I got the CVE name from a recent Ubuntu advisory.

Thanks, Eugene
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.