385919 – (CVE-2011-2208) Kernel: linux >= 2.6.39.1 signedness error when processing the "osf_sysinfo() (CVE-2011-2208)

Bug 385919 (CVE-2011-2208) - Kernel: linux >= 2.6.39.1 signedness error when processing the "osf_sysinfo() (CVE-2011-2208)

Summary: Kernel: linux >= 2.6.39.1 signedness error when processing the "osf_sysinfo()...

Status:	RESOLVED FIXED

Alias:	CVE-2011-2208

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	Alpha Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/44754/
Whiteboard:	[linux >= 2.6.39.1]
Keywords:

Depends on:
Blocks:

Reported:	2011-10-06 19:58 UTC by Michael Harrison
Modified:	2013-09-04 03:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Harrison 2011-10-06 19:58:11 UTC

A signedness error when processing the "osf_sysinfo()" system call in arch/alpha/kernel/osf_sys.c can be exploited to disclose the contents of some kernel memory.

Comment 1 Michael Harrison 2012-01-31 10:44:36 UTC

Original Advisory:
https://lkml.org/lkml/2011/6/11/87

Solution:
Fixed in version 2.6.35.14

This may not affect current sources, but I wanted to clean up the bug a bit for tracking purposes.

Thanks, Michael