Bug 281999 (CVE-2009-2846) - Kernel: parisc isa-eeprom eisa_eeprom_read() memory disclosure (CVE-2009-2846)
Summary: Kernel: parisc isa-eeprom eisa_eeprom_read() memory disclosure (CVE-2009-2846)
Status: RESOLVED FIXED
Alias: CVE-2009-2846
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: HPPA Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [ linux < 2.6.31 ]
Keywords:
Depends on: 305733 307847
Blocks:
Reported: 2009-08-19 09:20 UTC by Alex Legler (RETIRED)
Modified: 2020-04-10 11:36 UTC
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-19 09:20:30 UTC
CVE-2009-2846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2846):
  The eisa_eeprom_read function in the parisc isa-eeprom component
  (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6
  allows local users to access restricted memory via a negative ppos
  argument, which bypasses a check that assumes that ppos is positive
  and causes an out-of-bounds read in the readb function.
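
Added example, not part of the bug report and not the kernel driver's code: a user-space C model of the flaw class the CVE text describes, where a signed offset is tested only against an upper bound, next to a read handler that also rejects negative offsets and clamps the length. `EEPROM_LEN`, the buffer and all function names are constructed for illustration.

```c
/* User-space model of a read handler with a signed file offset.
 * EEPROM_LEN and all names are constructed for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EEPROM_LEN 256

static unsigned char eeprom[EEPROM_LEN];  /* stands in for the device region */

/* Check that assumes the offset is positive: only the upper bound is tested.
 * Returns 1 when the request would be admitted to the copy loop. */
static int admitted_by_upper_bound_only(long long pos)
{
    return pos < EEPROM_LEN;   /* signed compare: every negative pos passes */
}

/* Hardened handler: reject negative offsets, then clamp count to what is left. */
static long eeprom_read(unsigned char *dst, size_t count, long long *ppos)
{
    if (*ppos < 0)
        return -1;                         /* models an error return */
    if (*ppos >= EEPROM_LEN)
        return 0;                          /* end of device */
    size_t avail = (size_t)(EEPROM_LEN - *ppos);
    if (count > avail)
        count = avail;
    memcpy(dst, eeprom + *ppos, count);
    *ppos += (long long)count;
    return (long)count;
}

/* Convenience wrapper: read `count` bytes at `pos`, return the handler's result. */
static long read_at(long long pos, size_t count)
{
    unsigned char out[EEPROM_LEN];
    if (count > sizeof out)
        count = sizeof out;
    return eeprom_read(out, count, &pos);
}

int main(void)
{
    printf("upper-bound-only check admits pos=-4096: %d\n",
           admitted_by_upper_bound_only(-4096));
    printf("hardened read at -4096: %ld\n", read_at(-4096, 16));
    printf("hardened read at 240, count 64: %ld\n", read_at(240, 64));
    return 0;
}
```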
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2010-04-17 15:26:55 UTC
I believe the bug is fixed in the more recently stable kernels.
Comment 2 Guy Martin (RETIRED) gentoo-dev 2010-08-02 18:50:38 UTC
vanilla-sources 2.6.32.9 has been stable for some time already.

Shall I close?
Comment 3 Agostino Sarubbo gentoo-dev 2013-01-14 15:14:02 UTC
The work for hppa is done. CC back if security needs something.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2016-11-29 23:47:41 UTC
No vulnerable sources left in tree.