Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE requests: Two kernel issues
From: Eugene Teo <eugene () redhat com>
Date: Wed, 10 Aug 2011 08:28:22 +0800

On 08/10/2011 08:14 AM, Dan Rosenberg wrote:
On Tue, Aug 9, 2011 at 6:49 PM, Eugene Teo <eugene () redhat com> wrote:
On 08/10/2011 04:42 AM, Moritz Muehlenhoff wrote:>
2. [SCSI] pmcraid: reject negative request size
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5b515445f4f5a905c5dd27e6e682868ccd6c09d

I don't have a PMC Sierra MaxRAID controller, so I am not sure what's
the permissions give to /dev/pmcsas%u. I'm checking. Meanwhile, use
CVE-2011-2906 for this issue.

Thanks, Eugene


This isn't a security issue because there's a check for CAP_SYS_ADMIN
on pmcraid_chr_open(), which is necessary to obtain a file descriptor
to the device file in order to call the affected ioctl.  Which is why
I didn't bother CC'ing security () kernel org  ;-)

Awesome. Rejecting CVE. Back to my holidays :)

Eugene


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]