oss-sec mailing list archives
CVE request - kernel: char: Int overflow in lp_do_ioctl()
From: Yongjian Xu <xuyongjiande () gmail com>
Date: Tue, 31 Dec 2013 14:33:57 +0800
Hi, https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=1c2de820d66d704c7d6fffdd872b7670eb4e29bb This is an integer overflow, and can be controlled via ioctl. arg comes from user-space, so int overflow may occur in this: LP_TIME(minor) = arg * HZ/100;
Current thread:
- CVE request - kernel: char: Int overflow in lp_do_ioctl() Yongjian Xu (Dec 30)
- Re: CVE request - kernel: char: Int overflow in lp_do_ioctl() Greg KH (Dec 30)