oss-sec mailing list archives
Re: CVE requests: Three Linux kernel issues
From: Eugene Teo <eugene () redhat com>
Date: Tue, 12 Apr 2011 10:42:19 +0800
[3] http://permalink.gmane.org/gmane.linux.kernel/1124409 : | [PATCH] char: istallion: fix arbitrary kernel memory reads/writes | | stli_brdstats is defined as global variable. After de-BKL-ization in | the patch b4eda9cb48eac1b7 an access to the variable is not serialized | anymore. This leads to the TOCTOU in stli_getbrdstats():
[...] de-BKL-ization patch b4eda9cb48eac1b7 happened in v2.6.36-rc1.I don't think this qualifies a CVE as this is a staging driver (not supported, experimental, buggy, use at your own risk).
Thanks, Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- CVE requests: Three Linux kernel issues Moritz Muehlenhoff (Apr 11)
- Re: CVE requests: Three Linux kernel issues Dan Rosenberg (Apr 11)
- Re: CVE requests: Three Linux kernel issues Vasiliy Kulikov (Apr 12)
- Re: CVE requests: Three Linux kernel issues Eugene Teo (Apr 11)
- Re: CVE requests: Three Linux kernel issues Eugene Teo (Apr 11)
- Re: CVE requests: Three Linux kernel issues Dan Rosenberg (Apr 11)