Home page logo

oss-sec logo oss-sec mailing list archives

CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec]
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 4 Oct 2012 00:08:56 +0200

Description of the problem:

Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in
net/socket.c") introduced a bug where the helper functions to take
either a 64-bit or compat time[spec|val] got the arguments in the wrong
order, passing the kernel stack pointer off as a user pointer (and vice

On architectures that use separate address spaces for userspace and
kernel (for example PA-RISC), an unprivileged local user can crash the
system or read kernel memory.

Introduced in:

Upstream fix:


This issue was discovered by Mikulas Patocka of Red Hat.

Petr Matousek / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]