Date: Thu, 08 Dec 2011 12:19:29 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request -- kernel: send(m)msg: user pointer dereferences On 12/08/2011 12:15 PM, Petr Matousek wrote: > Dereferencing a user pointer directly from kernel-space without going > through the copy_from_user family of functions is a bad idea. Two of > such usages can be found in the sendmsg code path called from > sendmmsg, added by upstream commit > c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a. Usages are performed through > memcmp() and memcpy() directly. > > Upstream commit: > bc909d9ddbf7778371e36a651d6e4194b1cc7d4c > > References: > https://bugzilla.redhat.com/show_bug.cgi?id=761646 > > Thanks, Please use CVE-2011-4594 for this issue. -- -Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.