On Tue, 21 Jul 2009, Henrique de Moraes Holschuh wrote:
> Nobody has tried to write an exploit for this bug yet, but it does seem like
> it is exploitable.
It turns out that the Linux VFS layer on x86 (the only arch thinkpad-acpi
works on, anyway) protects against very big writes, so the bug is lik
On Saturday 01 August 2009 17:04:19 Henrique de Moraes Holschuh wrote:
> From: Michael Buesch
>
> Avoid a heap buffer overrun triggered by an integer overflow of the
> userspace controlled "count" variable.
>
> If userspace passes in a "count" of (size_t)-1l, the kmalloc size will
> overflow to
On Sunday 02 August 2009 03:50:12 Henrique de Moraes Holschuh wrote:
> > Note that it turns out this is not a real-life bug after all.
> > The VFS code checks count for signedness (high bit set) and bails
> > out if this is the case.
> > Well, it might probably be a good idea to restrict the count
On Sunday 02 August 2009 06:11:13 Len Brown wrote:
> applied w/ simplified check-in comment
>
> thanks,
> Len Brown, Intel Open Source Technology Center
Thanks.
The same discussion applies to the toshiba_acpi patch I sent to you.
--
Greetings, Michael.
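
The integer overflow discussed in this thread, as an added userspace example that is not part of the original messages or of the driver patch. PAD and all function names are assumptions made for illustration, and the high-bit test is a simplified stand-in for the VFS check the thread mentions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the write handler allocates count plus a few bytes of padding.
 * PAD is a made-up value for this example, not taken from the driver. */
#define PAD 2

/* The hazard: size_t arithmetic wraps silently, so a huge count yields a
 * tiny allocation size while the later copy would still use the huge count. */
static size_t unchecked_alloc_size(size_t count)
{
    return count + PAD;
}

/* Guarded form: refuse any count for which count + PAD would wrap. */
static int checked_alloc_size(size_t count, size_t *out)
{
    if (count > SIZE_MAX - PAD)
        return -1;
    *out = count + PAD;
    return 0;
}

/* Stand-in for the check the thread attributes to the VFS layer: treat count
 * as signed and bail out when the high bit is set. */
static int high_bit_set(size_t count)
{
    return (count >> (sizeof(size_t) * 8 - 1)) != 0;
}

int main(void)
{
    size_t evil = (size_t)-1l;  /* the count named in the commit message */
    size_t sz = 0;
    int rc;

    printf("unchecked size for count=%zu: %zu\n", evil, unchecked_alloc_size(evil));
    rc = checked_alloc_size(evil, &sz);
    printf("guarded allocation: %s\n", rc ? "rejected" : "accepted");
    printf("high-bit check:     %s\n", high_bit_set(evil) ? "rejected" : "accepted");
    rc = checked_alloc_size(16, &sz);
    printf("count=16: %s, size %zu\n", rc ? "rejected" : "accepted", sz);
    return 0;
}
```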