oss-sec mailing list archives
Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb
From: Greg KH <greg () kroah com>
Date: Thu, 15 Oct 2015 06:53:48 -0700
On Thu, Oct 15, 2015 at 10:30:04AM +0200, Salva Peiró wrote:
Hello,
Is there a CVE for this? If not, could one be assigned, please?
https://patchwork.kernel.org/patch/6853351/
commit e203db293863fa15b4b1917d4398fb5bd63c4e88
iommu/omap: Fix debug_read_tlb() to use seq_printf()
The debug_read_tlb() uses the sprintf() functions directly on the
buffer
allocated by buf = kmalloc(count), without taking into account the size
of the buffer, with the consequence corrupting the heap, depending on
the count requested by the user.
The patch fixes the issue replacing sprintf() by seq_printf().
For a root-only-readable file? Why is a CVE needed? thanks, greg k-h
Current thread:
- CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró (Oct 15)
- Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Greg KH (Oct 15)
- Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró (Oct 16)
- Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Florian Weimer (Oct 16)
- Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Salva Peiró (Oct 16)
- Re: CVE Request: Linux Kernel heap corruption on debug_read_tlb Greg KH (Oct 15)