*** This bug is a security vulnerability *** Public security bug reported:
Fixed-by: 1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 commit 1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05 Author: Timo Warns <wa...@pre-sense.de> Date: Mon Mar 14 14:59:33 2011 +0100 Fix corrupted OSF partition table parsing The kernel automatically evaluates partition tables of storage devices. The code for evaluating OSF partitions contains a bug that leaks data from kernel heap memory to userspace for certain corrupted OSF partitions. In more detail: for (i = 0 ; i < le16_to_cpu(label->d_npartitions); i++, partition++) { iterates from 0 to d_npartitions - 1, where d_npartitions is read from the partition table without validation and partition is a pointer to an array of at most 8 d_partitions. Add the proper and obvious validation. Signed-off-by: Timo Warns <wa...@pre-sense.de> Cc: sta...@kernel.org [ Changed the patch trivially to not repeat the whole le16_to_cpu() thing, and to use an explicit constant for the magic value '8' ] Signed-off-by: Linus Torvalds <torva...@linux-foundation.org> ** Affects: linux (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu) Importance: Undecided Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu) Importance: Undecided Status: Invalid ** Affects: linux-mvl-dove (Ubuntu) Importance: Undecided Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu) Importance: Undecided Status: Confirmed ** Affects: linux (Ubuntu Lucid) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu Lucid) Importance: Undecided Status: Fix Released ** Affects: linux-lts-backport-maverick (Ubuntu Lucid) Importance: Undecided Status: Fix Released ** Affects: linux-mvl-dove (Ubuntu Lucid) Importance: Undecided Status: Fix Released ** Affects: linux-ti-omap4 (Ubuntu Lucid) Importance: Undecided Status: Invalid ** Affects: linux (Ubuntu Maverick) Importance: Undecided Assignee: Andy Whitcroft (apw) Status: In Progress ** Affects: linux-fsl-imx51 (Ubuntu Maverick) Importance: Undecided Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Maverick) Importance: Undecided Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Maverick) Importance: Undecided Status: Fix Released ** Affects: linux-ti-omap4 (Ubuntu Maverick) Importance: Undecided Status: Fix Released ** Affects: linux (Ubuntu Natty) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu Natty) Importance: Undecided Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Natty) Importance: Undecided Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Natty) Importance: Undecided Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Natty) Importance: Undecided Status: Fix Released ** Affects: linux (Ubuntu Oneiric) Importance: Undecided Status: Fix Released ** Affects: linux-fsl-imx51 (Ubuntu Oneiric) Importance: Undecided Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Oneiric) Importance: Undecided Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Oneiric) Importance: Undecided Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Oneiric) Importance: Undecided Status: Confirmed ** Affects: linux (Ubuntu Hardy) Importance: Undecided Assignee: Andy Whitcroft (apw) Status: In Progress ** Affects: linux-fsl-imx51 (Ubuntu Hardy) Importance: Undecided Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Hardy) Importance: Undecided Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Hardy) Importance: Undecided Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Hardy) Importance: Undecided Status: Invalid ** Tags: kernel-cve-tracking-bug ** Tags added: kernel-cve-tracking-bug ** This bug has been flagged as a security vulnerability ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-1163 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/796606 Title: CVE-2011-1163 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs