[CVE-2010-4157] gdth: integer overflow in ioctl
Stefan Bader
stefan.bader at canonical.com
Mon Feb 7 08:29:00 UTC 2011
On 02/02/2011 01:27 PM, Andy Whitcroft wrote:
> CVE-2010-4157
>
> Integer overflow in the ioc_general function in drivers/scsi/gdth.c
> in the Linux kernel before 2.6.36.1 on 64-bit platforms allows
> local users to cause a denial of service (memory corruption)
> or possibly have unspecified other impact via a large argument
> in an ioctl call.
>
> This was fixed before Natty opened, and has already hit Maverick and
> Lucid via the upstream stable process. The upstream fix cherry-picks
> back to Karmic and Hardy unchanged. I have backported this fix to
> Dapper as well; including checks for additional parameters from
> userspace (which are validated in other ways in Hardy and later).
>
> Two patches follow, one for Dapper, and a second for Hardy and Karmic.
>
> -apw
>
Looks ok
Acked-by: Stefan Bader <stefan.bader at canonical.com>
More information about the kernel-team
mailing list