Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 08 Dec 2011 12:19:29 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: send(m)msg: user pointer
 dereferences

On 12/08/2011 12:15 PM, Petr Matousek wrote:
> Dereferencing a user pointer directly from kernel-space without going
> through the copy_from_user family of functions is a bad idea. Two of
> such usages can be found in the sendmsg code path called from
> sendmmsg, added by upstream commit
> c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a. Usages are performed through
> memcmp() and memcpy() directly. 
>
> Upstream commit:
> bc909d9ddbf7778371e36a651d6e4194b1cc7d4c
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=761646
>
> Thanks,
Please use CVE-2011-4594 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.