blob: 00d2ac885490f1f733d9147c8e00ab6108732c06 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Candidate: CVE-2009-2846
Description:
Description:
parisc: isa-eeprom missing lower bound check
.
loff_t is a signed type. If userspace passes a negative ppos, the
"count" range check is weakened. If ppos is negative, the readb() later
in the function will poke in random memory. Only affects if you are
using a PA-RISC kernel with CONFIG_EISA set.
References:
Ubuntu-Description:
Notes:
Bugs:
upstream: released (2.6.31-rc6) [6b4dbcd8]
linux-2.6: released (2.6.30-6) [bugfix/parisc/isa-eeprom-fix-loff_t-usage.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-24etch4) [bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch]
2.6.26-lenny-security: released (2.6.26-19) [bugfix/parisc/isa-eeprom-fix-loff_t-usage.patch]
|