*** This bug is a security vulnerability ***

Public security bug reported:

Fixed-by: 1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05

  commit 1eafbfeb7bdf59cfe173304c76188f3fd5f1fd05
  Author: Timo Warns <wa...@pre-sense.de>
  Date:   Mon Mar 14 14:59:33 2011 +0100

    Fix corrupted OSF partition table parsing
    
    The kernel automatically evaluates partition tables of storage devices.
    The code for evaluating OSF partitions contains a bug that leaks data
    from kernel heap memory to userspace for certain corrupted OSF
    partitions.
    
    In more detail:
    
      for (i = 0 ; i < le16_to_cpu(label->d_npartitions); i++, partition++) {
    
    iterates from 0 to d_npartitions - 1, where d_npartitions is read from
    the partition table without validation and partition is a pointer to an
    array of at most 8 d_partitions.
    
    Add the proper and obvious validation.
    
    Signed-off-by: Timo Warns <wa...@pre-sense.de>
    Cc: sta...@kernel.org
    [ Changed the patch trivially to not repeat the whole le16_to_cpu()
      thing, and to use an explicit constant for the magic value '8' ]
    Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-fsl-imx51 (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: linux (Ubuntu Lucid)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-fsl-imx51 (Ubuntu Lucid)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-mvl-dove (Ubuntu Lucid)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-ti-omap4 (Ubuntu Lucid)
     Importance: Undecided
         Status: Invalid

** Affects: linux (Ubuntu Maverick)
     Importance: Undecided
     Assignee: Andy Whitcroft (apw)
         Status: In Progress

** Affects: linux-fsl-imx51 (Ubuntu Maverick)
     Importance: Undecided
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Maverick)
     Importance: Undecided
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Maverick)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-ti-omap4 (Ubuntu Maverick)
     Importance: Undecided
         Status: Fix Released

** Affects: linux (Ubuntu Natty)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-fsl-imx51 (Ubuntu Natty)
     Importance: Undecided
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Natty)
     Importance: Undecided
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Natty)
     Importance: Undecided
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Natty)
     Importance: Undecided
         Status: Fix Released

** Affects: linux (Ubuntu Oneiric)
     Importance: Undecided
         Status: Fix Released

** Affects: linux-fsl-imx51 (Ubuntu Oneiric)
     Importance: Undecided
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Oneiric)
     Importance: Undecided
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Oneiric)
     Importance: Undecided
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Oneiric)
     Importance: Undecided
         Status: Confirmed

** Affects: linux (Ubuntu Hardy)
     Importance: Undecided
     Assignee: Andy Whitcroft (apw)
         Status: In Progress

** Affects: linux-fsl-imx51 (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid

** Affects: linux-lts-backport-maverick (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid

** Affects: linux-mvl-dove (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid

** Affects: linux-ti-omap4 (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid


** Tags: kernel-cve-tracking-bug

** Tags added: kernel-cve-tracking-bug

** This bug has been flagged as a security vulnerability

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1163

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/796606

Title:
  CVE-2011-1163

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/796606/+subscriptions
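
The unvalidated loop from the commit message quoted above, modelled in userspace next to the bounded version; this is an added example, not the kernel's code or the patch itself. The 2-byte-count-plus-table layout, the 16-byte entries, the names `OSF_MAX_PARTS`, `osf_parse` and `demo`, and the sample buffer are simplified assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define OSF_MAX_PARTS 8   /* hypothetical name for the table's fixed capacity */
#define ENTRY_SIZE    16  /* simplified entry: le32 size first, other fields after */
#define TABLE_OFF     2   /* simplified layout: le16 d_npartitions, then the table */
#define LABEL_SIZE    (TABLE_OFF + OSF_MAX_PARTS * ENTRY_SIZE)

static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get_le32(const uint8_t *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk the table and report each non-empty entry's size through out[].
 * With validate == 0 the on-disk count is trusted, as in the loop quoted in
 * the commit message; mem_len only keeps this simulation inside its buffer.
 * Returns the number of entries reported, or -1 if the label is rejected. */
static int osf_parse(const uint8_t *mem, size_t mem_len, int validate,
                     uint32_t *out, size_t out_cap)
{
    if (mem_len < LABEL_SIZE) return -1;
    uint16_t n = get_le16(mem);
    if (validate && n > OSF_MAX_PARTS) return -1;   /* the missing check */
    int reported = 0;
    for (uint16_t i = 0; i < n; i++) {
        size_t off = TABLE_OFF + (size_t)i * ENTRY_SIZE;
        if (off + ENTRY_SIZE > mem_len) break;       /* simulation guard only */
        uint32_t size = get_le32(mem + off);
        if (size && (size_t)reported < out_cap) out[reported++] = size;
    }
    return reported;
}

/* Constructed sample: a label claiming `claimed` partitions, followed by
 * 32 bytes of 0x41 standing in for unrelated adjacent memory. */
static int demo(uint16_t claimed, int validate, uint32_t *out, size_t cap)
{
    uint8_t mem[LABEL_SIZE + 32];
    memset(mem, 0, sizeof mem);
    mem[0] = (uint8_t)(claimed & 0xff);
    mem[1] = (uint8_t)(claimed >> 8);
    mem[TABLE_OFF] = 0x10;                           /* entry 0: size 0x10 */
    memset(mem + LABEL_SIZE, 0x41, 32);              /* "adjacent" bytes */
    return osf_parse(mem, sizeof mem, validate, out, cap);
}
```

With a claimed count of 10 and no validation, entries 8 and 9 are decoded from the bytes after the table and come back as partition sizes; with validation the label is rejected before the loop runs.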
