oss-sec mailing list archives
CVE-2011-2906 should have been rejected (kernel non-security issue)
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 24 May 2012 22:11:09 -0600
Hi, Steve. Just a friendly heads-up on what came through CVENEW today:
Name: CVE-2011-2906 (kernel) Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2906 [Open URL] Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20110727 Category: Reference: MLIST:[oss-security] 20110810 Re: CVE requests: Two kernel issues Reference: URL:http://www.openwall.com/lists/oss-security/2011/08/09/8 [Open URL] Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux- [Open URL] 2.6.git;a=commit;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09d Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 [Open URL] Reference: CONFIRM:https://github.com/torvalds/linux/commit/b5b515445f4f5a905c5dd27e6e682868ccd6c09d [Open URL] Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 allows local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call.
This should be rejected as per the message two responses after the first reference above: http://www.openwall.com/lists/oss-security/2011/08/10/2 where Eugene says, based on the "this isn't a security flaw" message from Dan Rosenberg. Can you add a "REJECT" or "DISPUTED" note or whatever? This probably should have never been written up. Thanks. --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE-2011-2906 should have been rejected (kernel non-security issue) Vincent Danen (May 24)