Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu Kernel Team (http://www.linux-archive.org/ubuntu-kernel-team/)
-   -   gdth: integer overflow in ioctl (http://www.linux-archive.org/ubuntu-kernel-team/484225-gdth-integer-overflow-ioctl.html)

Andy Whitcroft 02-02-2011 11:27 AM

gdth: integer overflow in ioctl
 
CVE-2010-4157

Integer overflow in the ioc_general function in drivers/scsi/gdth.c
in the Linux kernel before 2.6.36.1 on 64-bit platforms allows
local users to cause a denial of service (memory corruption)
or possibly have unspecified other impact via a large argument
in an ioctl call.

This was fixed before Natty opened, and has already hit Maverick and
Lucid via the upstream stable process. The upstream fix cherry-picks
back to Karmic and Hardy unchanged. I have backported this fix to
Dapper as well; including checks for additional parameters from
userspace (which are validated in other ways in Hardy and later).

Two patches follow, one for Dapper, and a second for Hardy and Karmic.

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Tim Gardner 02-02-2011 12:37 PM

gdth: integer overflow in ioctl
 
On 02/02/2011 05:27 AM, Andy Whitcroft wrote:

CVE-2010-4157

Integer overflow in the ioc_general function in drivers/scsi/gdth.c
in the Linux kernel before 2.6.36.1 on 64-bit platforms allows
local users to cause a denial of service (memory corruption)
or possibly have unspecified other impact via a large argument
in an ioctl call.

This was fixed before Natty opened, and has already hit Maverick and
Lucid via the upstream stable process. The upstream fix cherry-picks
back to Karmic and Hardy unchanged. I have backported this fix to
Dapper as well; including checks for additional parameters from
userspace (which are validated in other ways in Hardy and later).

Two patches follow, one for Dapper, and a second for Hardy and Karmic.

-apw



Acked-by: Tim Gardner <tim.gardner@canonical.com>

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Stefan Bader 02-07-2011 07:29 AM

gdth: integer overflow in ioctl
 
On 02/02/2011 01:27 PM, Andy Whitcroft wrote:
> CVE-2010-4157
>
> Integer overflow in the ioc_general function in drivers/scsi/gdth.c
> in the Linux kernel before 2.6.36.1 on 64-bit platforms allows
> local users to cause a denial of service (memory corruption)
> or possibly have unspecified other impact via a large argument
> in an ioctl call.
>
> This was fixed before Natty opened, and has already hit Maverick and
> Lucid via the upstream stable process. The upstream fix cherry-picks
> back to Karmic and Hardy unchanged. I have backported this fix to
> Dapper as well; including checks for additional parameters from
> userspace (which are validated in other ways in Hardy and later).
>
> Two patches follow, one for Dapper, and a second for Hardy and Karmic.
>
> -apw
>
Looks ok

Acked-by: Stefan Bader <stefan.bader@canonical.com>

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Andy Whitcroft 02-07-2011 08:00 AM

gdth: integer overflow in ioctl
 
Applied to Karmic, Hardy, and Dapper.

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team


All times are GMT. The time now is 05:12 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.