oss-sec mailing list archives
Re: CVE request -- Linux kernel irda driver buffer
From: security curmudgeon <jericho () attrition org>
Date: Fri, 3 Apr 2009 09:46:09 +0000 (UTC)
Previous discussion: http://marc.info/?l=oss-security&w=2&r=1&s=irda+driver&q=b
Mark Cox ruled "doesn't seem to have any security implications". Since then, 3rd party analysis suggests it still may in a different manner:
http://xorl.wordpress.com/2009/03/11/linux-kernel-irda-sigmatel-stir421x-off-by-one/ [..]This could lead to information leak if request_firmware() gives some kind of output but I havent checked this.
[..] Comments?
Current thread:
- Re: CVE request -- Linux kernel irda driver buffer security curmudgeon (Apr 03)