oss-sec mailing list archives
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free
From: Eugene Teo <eugeneteo () kernel org>
Date: Fri, 21 Jan 2011 11:46:25 +0800
On 01/21/2011 04:08 AM, Vasiliy Kulikov wrote:
File position is not controlled, it may lead to overwrites of arbitrary kernel memory. Also the code may kfree() the same pointer multiple times.
http://lkml.org/lkml/2011/1/20/348 https://bugzilla.redhat.com/CVE-2011-0023Please use CVE-2011-0023 (this does not include the unresolved flaw described in the following paragraph below).
One more flaw is still present: if multiple processes open the file then all 3 static variables are shared, leading to various race conditions. They should be moved to file->private_data.
Thanks, Eugene
Current thread:
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 20)
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov (Jan 21)
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 21)
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Steven M. Christey (Jan 22)
- Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 22)
- Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Josh Bressers (Jan 24)
- Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 24)
- Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 22)
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov (Jan 24)
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov (Jan 21)