APPLIED: [CVE-2011-1759] semtimedop nops overflow
Tim Gardner
rtg.canonical at gmail.com
Thu Feb 2 12:57:44 UTC 2012
On 02/02/2012 03:59 AM, Andy Whitcroft wrote:
> CVE-2011-1759
> When CONFIG_OABI_COMPAT is set, the wrapper for semtimedop does
> not bound the nsops argument. A sufficiently large value will
> cause an integer overflow in allocation size, followed by copying
> too much data into the allocated buffer.
>
> Fixes for this have hit oneiric and later via mainline and stable.
> Following this email is a patch for maverick/ti-omap4 and natty/ti-omap4,
> this is a simple cherry-pick from mainline.
>
> Proposing for maverick/ti-omap4 and natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
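
The arithmetic behind the quoted CVE description, as an added illustration (not the mainline patch and not code from this thread). It models a 32-bit size_t with uint32_t so it behaves the same on a 64-bit host; the struct layout, the limit of 32 operations and all function names are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one semaphore operation: three 16-bit fields. */
struct sembuf_model { uint16_t sem_num; int16_t sem_op; int16_t sem_flg; };

/* Assumed per-call limit on operations, chosen for illustration. */
#define SEMOPM_MODEL 32u

/* Unbounded sizing: a 32-bit multiply that silently wraps for large nsops. */
static uint32_t alloc_size_unbounded(uint32_t nsops)
{
    return (uint32_t)sizeof(struct sembuf_model) * nsops;
}

/* Bytes an nsops-element copy loop would write, computed without wrapping. */
static uint64_t bytes_copied(uint32_t nsops)
{
    return (uint64_t)sizeof(struct sembuf_model) * nsops;
}

/* Returns 1 when the copy would run past the wrapped allocation. */
static int overflows_buffer(uint32_t nsops)
{
    return bytes_copied(nsops) > alloc_size_unbounded(nsops);
}

/* Bounded sizing: reject nsops before multiplying, so no wrap is possible. */
static int alloc_size_checked(uint32_t nsops, uint32_t *size)
{
    if (nsops < 1 || nsops > SEMOPM_MODEL)
        return -EINVAL;
    *size = (uint32_t)sizeof(struct sembuf_model) * nsops;
    return 0;
}

int main(void)
{
    uint32_t big = 0x2AAAAAABu;   /* constructed input: 6 * big == 2^32 + 2 */
    uint32_t size = 0;

    printf("unbounded: alloc=%u copied=%llu overflow=%d\n",
           (unsigned)alloc_size_unbounded(big),
           (unsigned long long)bytes_copied(big), overflows_buffer(big));
    printf("bounded:   rc=%d\n", alloc_size_checked(big, &size));
    return 0;
}
```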