Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES

[Huzaifa Sidhpurwala <huzaifas () redhat com>]

On 12/23/2010 08:53 AM, Eugene Teo wrote:
> From Dan Rosenbugs :>, "If the user-provided len is less than the
> expected offset, the IRLMP_ENUMDEVICES getsockopt will do a
> copy_to_user() with a very large size value.  While this isn't be a
> security issue on x86 because it will get caught by the access_ok()
> check, it may leak large amounts of kernel heap on other architectures.
>  In any event, this patch fixes it."

Assigned CVE-2010-4529 to this one.


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team