oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: kernel: uio: CVE-2013-6763 [was: Re: [oss-security] some unstracked linux kernel security fixes]

From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 4 Dec 2013 11:26:42 +0100
On Mon, Dec 02, 2013 at 07:44:53PM -0800, Linus Torvalds wrote:

On Mon, Dec 2, 2013 at 7:40 PM, Greg Kroah-Hartman
<gregkh () linuxfoundation org> wrote:

On Tue, Nov 26, 2013 at 01:18:39PM +0100, Petr Matousek wrote:


IOW, with the current changes, isn't the functionality broken for
non page-aligned addr and/or size?


This should now be fixed in Linus's tree, right?


Well, that depends on what you mean by "fixed".


I was going to say no, but then saw b6550287.

Just for the record, the CVE-2013-6763 fix consists of

  * uio part of 7314e613
  * b6550287


If somebody depended on "we'll just mmap the page(s) that contained
the partial and unaligned resource", then current git is very very
broken, because it doesn't allow that at all.


Intuitively I'd assume that the rounding up in uio_mmap is there for a
reason, but what do I know.

Regards,
-- 
Petr Matousek / Red Hat Security Response Team
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA
Previous By Date Next
Previous By Thread Next

Current thread: