oss-sec mailing list archives
Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
From: Josh Bressers <bressers () redhat com>
Date: Mon, 19 Oct 2009 15:26:16 -0400 (EDT)
Please use CVE-2009-3620

Thanks.

-- 
JB

----- "Eugene Teo" <eugeneteo () kernel sg> wrote:

> Quoting from the upstream commit:
>
> "Almost all r128's private ioctls require that the CCE state has
> already been initialised. However, most do not test that this has
> been done, and will proceed to dereference a null pointer. This may
> result in a security vulnerability, since some ioctls are
> unprivileged.
>
> This adds a macro for the common initialisation test and changes all
> ioctl implementations that require prior initialisation to use that
> macro.
>
> Also, r128_do_init_cce() does not test that the CCE state has not
> been initialised already. Repeated initialisation may lead to a crash
> or resource leak. This adds that test."
>
> http://git.kernel.org/linus/7dc482dfeeeefcfd000d4271c4626937406756d7
>
> Other references:
> http://secunia.com/advisories/36707/
> https://bugzilla.redhat.com/show_bug.cgi?id=529597
>
> Thanks, Eugene
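The two checks the quoted commit message describes, as an added user-space model that is not part of the original thread and is not the upstream r128 code. All names (`model_dev`, `model_priv`, `MODEL_INIT_TEST_WITH_RETURN`, `model_init_cce`, `model_cce_start`) are hypothetical stand-ins for the driver's device, private CCE state, guard macro and ioctl handlers.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the device and its private CCE state. */
struct model_priv { int cce_running; };
struct model_dev  { struct model_priv *dev_private; };

/* Common initialisation test: return from the calling handler with an
 * error instead of dereferencing a NULL private-state pointer. */
#define MODEL_INIT_TEST_WITH_RETURN(priv)   \
    do {                                    \
        if (!(priv))                        \
            return -EINVAL;                 \
    } while (0)

/* Init handler: refuse repeated initialisation so that existing state
 * is neither overwritten nor leaked. */
int model_init_cce(struct model_dev *dev)
{
    if (dev->dev_private)
        return -EINVAL;
    dev->dev_private = calloc(1, sizeof(*dev->dev_private));
    return dev->dev_private ? 0 : -ENOMEM;
}

/* A handler that requires prior initialisation. Without the guard, the
 * store below would go through a NULL pointer when init never ran. */
int model_cce_start(struct model_dev *dev)
{
    struct model_priv *priv = dev->dev_private;

    MODEL_INIT_TEST_WITH_RETURN(priv);
    priv->cce_running = 1;
    return 0;
}

void model_cleanup(struct model_dev *dev)
{
    free(dev->dev_private);
    dev->dev_private = NULL;
}

int main(void)
{
    struct model_dev dev = { NULL };   /* constructed: fresh, uninitialised device */

    printf("start before init: %d\n", model_cce_start(&dev));
    printf("first init:        %d\n", model_init_cce(&dev));
    printf("second init:       %d\n", model_init_cce(&dev));
    printf("start after init:  %d\n", model_cce_start(&dev));
    model_cleanup(&dev);
    return 0;
}
```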
Current thread:
- CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised Eugene Teo (Oct 18)
- Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised Josh Bressers (Oct 19)