Date: Mon, 24 Jan 2011 21:37:59 +0300
From: Vasiliy Kulikov <segoon@...nwall.com>
To: "Steven M. Christey" <coley@...-smtp.mitre.org>
Cc: Eugene Teo <eugeneteo@...nel.org>, oss-security@...ts.openwall.com
Subject: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free

On Sat, Jan 22, 2011 at 15:13 -0500, Steven M. Christey wrote:
>
> On Fri, 21 Jan 2011, Eugene Teo wrote:
>
> >On 01/21/2011 04:08 AM, Vasiliy Kulikov wrote:
> >>File position is not controlled, it may lead to overwrites of arbitrary
> >>kernel memory. Also the code may kfree() the same pointer multiple
> >>times.
> >
> >http://lkml.org/lkml/2011/1/20/348
> >https://bugzilla.redhat.com/CVE-2011-0023
> >
> >Please use CVE-2011-0023 (this does not include the unresolved
> >flaw described in the following paragraph below).
>
> There seem to be 2 types of issues described above - the
> uncontrolled file position / memory overwrite, and a "double free".

If you want to count every bug in this code, here you are: if zero *ppos
after each write() then buf is leaked :-)

> So there should probably be 2 separate CVEs, not one. Am I missing
> something?
>
> - Steve

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments