Bug 279497

Summary:

Kernel: x86: fix buffer overflow in efi_init() (GENERIC-MAP-NOMATCH)

Product:

Gentoo Security

Reporter:

Brayan Arraes (YacK) <brayan>

Component:

Kernel

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

normal

CC:

hardened-kernel+disabled, kernel

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

URL:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdb8a42742ac95606668f73481dfb2f760658fdd

Whiteboard:

[linux <2.6.31]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
patch to fix bugs	none

Description Brayan Arraes (YacK) 2009-07-28 18:18:27 UTC

If the vendor name (from c16) can be longer than 100 bytes (or missing a
terminating null), then the null is writen past the end of vendor[].

Reproducible: Always

Comment 1 Brayan Arraes (YacK) 2009-07-28 18:21:38 UTC

Created attachment 199465 [details]
patch to fix bugs

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2009-07-30 12:50:39 UTC

http://xorl.wordpress.com/2009/07/29/linux-kernel-extensible-firmware-interface-off-by-one-overwrite/