Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 281529

Summary: Kernel: Fix memory corruption in rf cache for driver rt2x00 (GENERIC-MAP-NOMATCH)
Product: Gentoo Security Reporter: Muhammad Rasyid Sahputra <cyberheb>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b26dead3ce97d016b57724b01974d5ca5c84bd5
Whiteboard: [linux <2.6.31]
Package list:
Runtime testing required: ---

Description Muhammad Rasyid Sahputra 2009-08-14 23:43:47 UTC 
From Pavel Roskin,

Change rt2x00_rf_read() and rt2x00_rf_write() to subtract 1 from the rf
register number.  This is needed because the rf registers are enumerated
starting with one.  The size of the rf register cache is just enough to
hold all registers, so writing to the highest register was corrupting
memory.  Add a check to make sure that the rf register number is valid.