[CVE-2011-1759] semtimedop nops overflow
Andy Whitcroft
apw at canonical.com
Thu Feb 2 10:59:58 UTC 2012
CVE-2011-1759

When CONFIG_OABI_COMPAT is set, the wrapper for semtimedop does
not bound the nsops argument. A sufficiently large value will
cause an integer overflow in allocation size, followed by copying
too much data into the allocated buffer.

Fixes for this have hit oneiric and later via mainline and stable.

Following this email is a patch for maverick/ti-omap4 and natty/ti-omap4;
this is a simple cherry-pick from mainline.

Proposing for maverick/ti-omap4 and natty/ti-omap4.
-apw
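
The size computation described in this message, modelled in user space as an added example (not the kernel's code and not part of the original email). The 6-byte element layout, the 32-bit size type and the `MODEL_MAX_OPS` limit are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one semaphore operation: three 16-bit fields. */
struct sembuf_model { uint16_t sem_num; int16_t sem_op; int16_t sem_flg; };

/* Hypothetical per-call limit on the number of operations (assumption). */
#define MODEL_MAX_OPS 32u

/* Allocation size as a 32-bit size type computes it when nsops is
 * not bounded: the product wraps modulo 2^32. */
uint32_t alloc_size_unbounded(uint32_t nsops)
{
    return (uint32_t)sizeof(struct sembuf_model) * nsops;
}

/* Bytes a per-element copy loop then writes: one element per nsops,
 * computed in 64 bits so the true total is visible. */
uint64_t bytes_copied(uint32_t nsops)
{
    return (uint64_t)sizeof(struct sembuf_model) * nsops;
}

/* Hardened form: reject out-of-range counts before sizing anything.
 * Returns 0 and stores the size on success, -1 on rejection. */
int alloc_size_bounded(uint32_t nsops, uint32_t *size)
{
    if (nsops < 1 || nsops > MODEL_MAX_OPS)
        return -1;
    *size = (uint32_t)sizeof(struct sembuf_model) * nsops;
    return 0;
}

int main(void)
{
    uint32_t nsops = 0x2AAAAAABu;   /* constructed value: 6 * nsops > 2^32 */
    uint32_t size = 0;

    printf("unbounded: allocate %" PRIu32 " bytes, copy %" PRIu64 " bytes\n",
           alloc_size_unbounded(nsops), bytes_copied(nsops));
    printf("bounded:   %s\n",
           alloc_size_bounded(nsops, &size) ? "rejected" : "accepted");
    return 0;
}
```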