Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 54164

Summary: sys-kernel/*: 2.4.* i2c driver Code execution with kernel privs
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.securityfocus.com/archive/1/366198
Whiteboard: B1 [kernel]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
2.4.26-i2cproc_bus_read.patch none

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-06-16 22:02:12 UTC
There is an integer overflow in the i2c driver of the 2.4 Linux Kernel. More info in the bugtraq announcement.
Comment 1 solar (RETIRED) gentoo-dev 2004-06-17 07:53:34 UTC
grsec-sources-2.4.26.2.0-r4 patched
Comment 2 solar (RETIRED) gentoo-dev 2004-06-17 08:06:58 UTC
Created attachment 33426 [details, diff]
2.4.26-i2cproc_bus_read.patch
Comment 3 Greg Kroah-Hartman (RETIRED) gentoo-dev 2004-06-17 12:45:11 UTC
There is no such security problem, that "announcement" was wrong.

size_t is unsigned so it can't be negative.  I have told the announcer about this
and he has recanted.

This is not a bug.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-06-17 13:54:18 UTC
Thanks Greg for your input. It's not the first bogus advisory by Shaun Colley, we should double-check future advisories coming from him.

solar: you might want to back out your patch on grsec-sources.
Comment 5 solar (RETIRED) gentoo-dev 2004-06-17 17:48:06 UTC
yanked the patch..