[CVE-2010-4157] gdth: integer overflow in ioctl
Tim Gardner
tim.gardner at canonical.com
Wed Feb 2 13:37:16 UTC 2011
On 02/02/2011 05:27 AM, Andy Whitcroft wrote:
> CVE-2010-4157
>
> Integer overflow in the ioc_general function in drivers/scsi/gdth.c
> in the Linux kernel before 2.6.36.1 on 64-bit platforms allows
> local users to cause a denial of service (memory corruption)
> or possibly have unspecified other impact via a large argument
> in an ioctl call.
>
> This was fixed before Natty opened, and has already hit Maverick and
> Lucid via the upstream stable process. The upstream fix cherry-picks
> back to Karmic and Hardy unchanged. I have backported this fix to
> Dapper as well; including checks for additional parameters from
> userspace (which are validated in other ways in Hardy and later).
>
> Two patches follow, one for Dapper, and a second for Hardy and Karmic.
>
> -apw
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list