Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 54164 - sys-kernel/*: 2.4.* i2c driver Code execution with kernel privs
Summary: sys-kernel/*: 2.4.* i2c driver Code execution with kernel privs
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: B1 [kernel]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-16 22:02 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2011-10-30 22:42 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
2.4.26-i2cproc_bus_read.patch (2.4.26-i2cproc_bus_read.patch,512 bytes, patch)
2004-06-17 08:06 UTC, solar (RETIRED) 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-06-16 22:02:12 UTC 
There is an integer overflow in the i2c driver of the 2.4 Linux Kernel. More info in the bugtraq announcement.
Comment 1 solar (RETIRED) gentoo-dev 2004-06-17 07:53:34 UTC 
grsec-sources-2.4.26.2.0-r4 patched
Comment 2 solar (RETIRED) gentoo-dev 2004-06-17 08:06:58 UTC 
Created attachment 33426 [details, diff]
2.4.26-i2cproc_bus_read.patch
Comment 3 Greg Kroah-Hartman (RETIRED) gentoo-dev 2004-06-17 12:45:11 UTC 
There is no such security problem, that "announcement" was wrong.

size_t is unsigned so it can't be negative.  I have told the announcer about this
and he has recanted.

This is not a bug.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-06-17 13:54:18 UTC 
Thanks Greg for your input. It's not the first bogus advisory by Shaun Colley, we should double-check future advisories coming from him.

solar: you might want to back out your patch on grsec-sources.
Comment 5 solar (RETIRED) gentoo-dev 2004-06-17 17:48:06 UTC 
yanked the patch..