oss-sec mailing list archives

Re: CVE request: kernel: buffer overflow and DoS issues in agp

From: Vasiliy Kulikov <segoon () openwall com>
Date: Fri, 22 Apr 2011 21:12:38 +0400

On Fri, Apr 22, 2011 at 06:15 -1000, akuster wrote:

I am a bit confused.

https://bugzilla.redhat.com/show_bug.cgi?id=698999 references
https://lkml.org/lkml/2011/4/14/294

 which is assigned to CVE-2011-1746 not CVE-2011-1747.

is there a patch for CVE-2011-1747?


No.  The problem of CVE-2011-1747 is mentioned in the patch fixing
CVE-2011-1746 because the patch tries to fix a similar problem - OOM.

CVE-2011-1747 is not fixed yet.

Please use CVE-2011-1747.


In https://bugzilla.redhat.com/show_bug.cgi?id=698999 it is said
"Reference and patch:", but there is no patch for the issue (as I said
in the patch description).  I have no agp hardware and I cannot test
whether forcing the requested pid to the current pid is a good idea (it
might not).


-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Current thread:

CVE request: kernel: buffer overflow and DoS issues in agp Vasiliy Kulikov (Apr 21)
- Re: CVE request: kernel: buffer overflow and DoS issues in agp Petr Matousek (Apr 22)
  - Re: CVE request: kernel: buffer overflow and DoS issues in agp Vasiliy Kulikov (Apr 22)
    - Re: CVE request: kernel: buffer overflow and DoS issues in agp Petr Matousek (Apr 22)
    - Re: CVE request: kernel: buffer overflow and DoS issues in agp akuster (Apr 22)
    - Re: CVE request: kernel: buffer overflow and DoS issues in agp Vasiliy Kulikov (Apr 22)