oss-security January 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] Re: [PATCH] acpi: debugfs: fix

Re: [oss-security] Re: [PATCH] acpi: debugfs: fix buffer overflows, double free

From: Eugene Teo <eugeneteo_at_nospam>
Date: Sun Jan 23 2011 - 00:36:19 GMT
To: oss-security@lists.openwall.com

On 01/23/2011 04:13 AM, Steven M. Christey wrote:
> On Fri, 21 Jan 2011, Eugene Teo wrote:
>> On 01/21/2011 04:08 AM, Vasiliy Kulikov wrote:
>>> File position is not controlled, it may lead to overwrites of arbitrary
>>> kernel memory. Also the code may kfree() the same pointer multiple
>>> times.
>> http://lkml.org/lkml/2011/1/20/348
>> https://bugzilla.redhat.com/CVE-2011-0023
>> Please use CVE-2011-0023 (this does not include the unresolved flaw
>> described in the following paragraph below).
> There seem to be 2 types of issues described above - the uncontrolled
> file position / memory overwrite, and a "double free". So there should
> probably be 2 separate CVEs, not one. Am I missing something?

Sorry about it. Please see http://seclists.org/oss-sec/2011/q1/106.