Summary: | sys-kernel/*: 2.4.* i2c driver Code execution with kernel privs | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> | ||||
Component: | Kernel | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED INVALID | ||||||
Severity: | major | ||||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
URL: | http://www.securityfocus.com/archive/1/366198 | ||||||
Whiteboard: | B1 [kernel] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Sune Kloppenborg Jeppesen (RETIRED)
2004-06-16 22:02:12 UTC
grsec-sources-2.4.26.2.0-r4 patched Created attachment 33426 [details, diff]
2.4.26-i2cproc_bus_read.patch
There is no such security problem, that "announcement" was wrong. size_t is unsigned so it can't be negative. I have told the announcer about this and he has recanted. This is not a bug. Thanks Greg for your input. It's not the first bogus advisory by Shaun Colley, we should double-check future advisories coming from him. solar: you might want to back out your patch on grsec-sources. yanked the patch.. |