On Sat, Jan 22, 2011 at 15:13 -0500, Steven M. Christey wrote:
> On Fri, 21 Jan 2011, Eugene Teo wrote:
> >On 01/21/2011 04:08 AM, Vasiliy Kulikov wrote:
> >>File position is not controlled, it may lead to overwrites of arbitrary
> >>kernel memory. Also the code may kfree() the same pointer multiple
> >Please use CVE-2011-0023 (this does not include the unresolved
> >flaw described in the following paragraph below).
> There seem to be 2 types of issues described above - the
> uncontrolled file position / memory overwrite, and a "double free".
If you want to count every bug in this code, here you are: if zero *ppos
after each write() then buf is leaked :-)
> So there should probably be 2 separate CVEs, not one. Am I missing
> - Steve
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments