| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <84144f020802100911u7c1a3d3cm212c08d1bb3225d6@mail.gmail.com>
Date: Sun, 10 Feb 2008 19:11:05 +0200
From: "Pekka Enberg" <penberg@...helsinki.fi>
To: "Greg KH" <greg@...ah.com>
Cc: "Oliver Pinter" <oliver.pntr@...il.com>,
"Bastian Blank" <bastian@...di.eu.org>,
"Niki Denev" <ndenev@...il.com>, "Willy Tarreau" <w@....eu>,
linux-kernel@...r.kernel.org, jens.axboe@...cle.com,
stable@...nel.org
Subject: Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit
On Feb 10, 2008 7:05 PM, Greg KH <greg@...ah.com> wrote:
> No, this is a different CVE, as it is a different problem from the
> original 09 and 10 report.
>
> It has been given CVE-2008-0600 to address this issue (09 and 10 only
> affect .23 and .24 kernels, and have been fixed.)
>
> > + if(!access_ok(VERIFY_READ, base, len)) {
> > + error = -EFAULT;
> > + break;
> > + }
>
> Hm, perhaps we should just properly check the len field instead? That's
> what is being overflowed here...
Sorry, I forgot to cc you on this one:
http://lkml.org/lkml/2008/2/10/153
I don't see where the current code is checking that base is
accessible. We just check that we can copy the struct iovecs, right?
Pekka
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists