oss-sec mailing list archives

CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

From: Eugene Teo <eugeneteo () kernel sg>
Date: Thu, 16 Sep 2010 13:33:13 +0800

Reported by Ben Hawkes. "A vulnerability in the 32-bit compatibilitylayer for 64-bit systems was reported. It is caused by insecureallocation of user space memory when translating system call inputs to64-bit. A stack pointer underflow can occur when using the"compat_alloc_user_space" method with an arbitrary length input."


Reference:
http://sota.gen.nz/compat1/
https://bugzilla.redhat.com/CVE-2010-3081

Upstream commit:
http://git.kernel.org/linus/c41d68a513c71e35a14f66d71782d27a79a81ea6

Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Current thread:

CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow Eugene Teo (Sep 15)