oss-sec mailing list archives
Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes]
From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 4 Dec 2013 11:26:42 +0100
On Mon, Dec 02, 2013 at 07:44:53PM -0800, Linus Torvalds wrote:
On Mon, Dec 2, 2013 at 7:40 PM, Greg Kroah-Hartman <gregkh () linuxfoundation org> wrote:On Tue, Nov 26, 2013 at 01:18:39PM +0100, Petr Matousek wrote:IOW, with the current changes, isn't the functionality broken for non page-aligned addr and/or size?This should now be fixed in Linus's tree, right?Well, that depends on what you mean by "fixed".
I was going to say no, but then saw b6550287. Just for the record, the CVE-2013-6763 fix consists of * uio part of 7314e613 * b6550287
If somebody depended on "we'll just mmap the page(s) that contained the partial and unaligned resource", then current git is very very broken, because it doesn't allow that at all.
Intuitively I'd assume that the rounding up in uio_mmap is there for a reason, but what do I know. Regards, -- Petr Matousek / Red Hat Security Response Team PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA
Current thread:
- some unstracked linux kernel security fixes Nico Golde (Nov 03)
- Re: some unstracked linux kernel security fixes Kurt Seifried (Nov 04)
- Re: some unstracked linux kernel security fixes Petr Matousek (Nov 12)
- Re: some unstracked linux kernel security fixes Petr Matousek (Nov 14)
- Re: some unstracked linux kernel security fixes Dan Carpenter (Nov 14)
- Re: some unstracked linux kernel security fixes Petr Matousek (Nov 14)
- kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Petr Matousek (Nov 26)
- Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Greg Kroah-Hartman (Dec 02)
- Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Linus Torvalds (Dec 02)
- Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes] Petr Matousek (Dec 04)
- Re: some unstracked linux kernel security fixes Petr Matousek (Nov 14)