Bug 54164

Summary:

sys-kernel/*: 2.4.* i2c driver Code execution with kernel privs

Product:

Gentoo Security

Reporter:

Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>

Component:

Kernel

Assignee:

Gentoo Security <security>

Status:

RESOLVED INVALID

Severity:

major

Priority:

High

Version:

unspecified

Hardware:

All

OS:

All

URL:

http://www.securityfocus.com/archive/1/366198

Whiteboard:

B1 [kernel]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
2.4.26-i2cproc_bus_read.patch	none

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-06-16 22:02:12 UTC

There is an integer overflow in the i2c driver of the 2.4 Linux Kernel. More info in the bugtraq announcement.

Comment 1 solar (RETIRED) gentoo-dev

2004-06-17 07:53:34 UTC

grsec-sources-2.4.26.2.0-r4 patched

Comment 2 solar (RETIRED) gentoo-dev

2004-06-17 08:06:58 UTC

Created attachment 33426 [details, diff]
2.4.26-i2cproc_bus_read.patch

Comment 3 Greg Kroah-Hartman (RETIRED) gentoo-dev

2004-06-17 12:45:11 UTC

There is no such security problem, that "announcement" was wrong.

size_t is unsigned so it can't be negative.  I have told the announcer about this
and he has recanted.

This is not a bug.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2004-06-17 13:54:18 UTC

Thanks Greg for your input. It's not the first bogus advisory by Shaun Colley, we should double-check future advisories coming from him.

solar: you might want to back out your patch on grsec-sources.

Comment 5 solar (RETIRED) gentoo-dev

2004-06-17 17:48:06 UTC

yanked the patch..