Searched hist:"21 c5977a" (Results 1 – 1 of 1) sorted by relevance
/openbmc/linux/arch/alpha/kernel/ |
H A D | osf_sys.c | 21c5977a Wed Jun 15 17:09:01 CDT 2011 Dan Rosenberg <drosenberg@vsecurity.com> alpha: fix several security issues
Fix several security issues in Alpha-specific syscalls. Untested, but mostly trivial.
1. Signedness issue in osf_getdomainname allows copying out-of-bounds kernel memory to userland.
2. Signedness issue in osf_sysinfo allows copying large amounts of kernel memory to userland.
3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy size, allowing copying large amounts of kernel memory to userland.
4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows privilege escalation via writing return value of sys_wait4 to kernel memory.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Matt Turner <mattst88@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 21c5977a Wed Jun 15 17:09:01 CDT 2011 Dan Rosenberg <drosenberg@vsecurity.com> alpha: fix several security issues Fix several security issues in Alpha-specific syscalls. Untested, but mostly trivial. 1. Signedness issue in osf_getdomainname allows copying out-of-bounds kernel memory to userland. 2. Signedness issue in osf_sysinfo allows copying large amounts of kernel memory to userland. 3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy size, allowing copying large amounts of kernel memory to userland. 4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows privilege escalation via writing return value of sys_wait4 to kernel memory. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Matt Turner <mattst88@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|