oss-sec mailing list archives
Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 18 Aug 2009 16:58:43 -0400 (EDT)
I wasn't sure how to interpret the phrase "poke in random memory" from the bug comment and there wasn't enough source code context, so I guessed that the impact is reading unexpected memory, but maybe it's also a crash or whatever. - Steve ====================================================== Name: CVE-2009-2846 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2846 Reference: MLIST:[oss-security] 20090810 CVE request: kernel: parisc: isa-eeprom missing lower bound check Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/10/1 Reference: MLIST:[oss-security] 20090818 Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/18/6 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6b4dbcd86a9d464057fcc7abe4d0574093071fcc The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function.
Current thread:
- CVE request: kernel: parisc: isa-eeprom missing lower bound check Eugene Teo (Aug 09)
- Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check Steven M. Christey (Aug 18)
- Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check Steven M. Christey (Aug 18)