CVE-2011-1494
Bug #787145 reported by
Herton R. Krzesinski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Herton R. Krzesinski | ||
Natty |
Fix Released
|
Medium
|
Unassigned | ||
Oneiric |
Fix Released
|
Medium
|
Unassigned | ||
linux-fsl-imx51 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Paolo Pisati | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Invalid
|
Undecided
|
Unassigned | ||
Oneiric |
Invalid
|
Undecided
|
Unassigned | ||
linux-lts-backport-maverick (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Invalid
|
Undecided
|
Unassigned | ||
Oneiric |
Invalid
|
Undecided
|
Unassigned | ||
linux-mvl-dove (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Paolo Pisati | ||
Maverick |
Fix Released
|
Undecided
|
Unassigned | ||
Natty |
Invalid
|
Undecided
|
Unassigned | ||
Oneiric |
Invalid
|
Undecided
|
Unassigned | ||
linux-ti-omap4 (Ubuntu) |
Fix Released
|
Undecided
|
Paolo Pisati | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Maverick |
Fix Released
|
Undecided
|
Paolo Pisati | ||
Natty |
Fix Released
|
Undecided
|
Paolo Pisati | ||
Oneiric |
Fix Released
|
Undecided
|
Paolo Pisati |
Bug Description
mpt2sas: prevent heap overflows and unchecked reads
At two points in handling device ioctls via /dev/mpt2ctl, user-supplied
length values are used to copy data from userspace into heap buffers
without bounds checking, allowing controllable heap corruption and
subsequently privilege escalation.
Additionally, user-supplied values are used to determine the size of a
copy_to_user() as well as the offset into the buffer to be read, with no
bounds checking, allowing users to read arbitrary kernel memory.
Related branches
tags: | added: kernel-cve-tracking-bug |
security vulnerability: | no → yes |
Changed in linux-fsl-imx51 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Oneiric): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Oneiric): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu Natty): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu Oneiric): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Changed in linux-lts-backport-maverick (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Oneiric): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux-mvl-dove (Ubuntu Maverick): | |
status: | New → Fix Released |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | In Progress → Fix Released |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | In Progress → Fix Released |
Changed in linux-ti-omap4 (Ubuntu Natty): | |
status: | In Progress → Fix Released |
Changed in linux-ti-omap4 (Ubuntu Oneiric): | |
status: | In Progress → Fix Released |
To post a comment you must log in.
mpt2sas appeared only in 2.6.30