Re: [ibm-acpi-devel] [ltp] WARNING: security hole in thinkpad-acpi and ibm-acpi kernel modules

2009-08-02 Thread Henrique de Moraes Holschuh
On Tue, 21 Jul 2009, Henrique de Moraes Holschuh wrote:
> Nobody has tried to write an exploit for this bug yet, but it does seem like
> it is exploitable.
It turns out that the Linux VFS layer on x86 (the only arch thinkpad-acpi works on, anyway) protects against very big writes, so the bug is lik

Re: [ibm-acpi-devel] [PATCH 3/4] thinkpad-acpi: Avoid heap buffer overrun

2009-08-02 Thread Michael Buesch
On Saturday 01 August 2009 17:04:19 Henrique de Moraes Holschuh wrote:
> From: Michael Buesch
>
> Avoid a heap buffer overrun triggered by an integer overflow of the
> userspace controlled "count" variable.
>
> If userspace passes in a "count" of (size_t)-1l, the kmalloc size will
> overflow to

Re: [ibm-acpi-devel] [PATCH 3/4] thinkpad-acpi: Avoid heap buffer overrun

2009-08-02 Thread Michael Buesch
On Sunday 02 August 2009 03:50:12 Henrique de Moraes Holschuh wrote:
> > Note that it turns out this is not a real-life bug after all.
> > The VFS code checks count for signedness (high bit set) and bails
> > out if this is the case.
>
> Well, it might probably be a good idea to restrict the count

Re: [ibm-acpi-devel] [PATCH 3/4] thinkpad-acpi: Avoid heap buffer overrun

2009-08-02 Thread Michael Buesch
On Sunday 02 August 2009 06:11:13 Len Brown wrote:
> applied w/ simplified check-in comment
>
> thanks,
> Len Brown, Intel Open Source Technology Center
Thanks.
The same discussion applies to the toshiba_acpi patch I sent to you.
--
Greetings, Michael.