oss-sec mailing list archives

Re: some untracked linux kernel security fixes


From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 12 Nov 2013 11:10:33 +0100

Hi,

On Sun, Nov 03, 2013 at 05:32:52PM +0100, Nico Golde wrote:
> drivers/uio/uio.c: mapping of physical memory to user space without proper size check
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7314e613d5ff

There is a size check in uio_mmap() (the only caller of uio_mmap_physical()):

        requested_pages = vma_pages(vma);
        actual_pages = ((idev->info->mem[mi].addr & ~PAGE_MASK)
                        + idev->info->mem[mi].size + PAGE_SIZE -1) >> PAGE_SHIFT;
        if (requested_pages > actual_pages)
                return -EINVAL;

Why wasn't it sufficient?

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

