Bug 88740

Summary:

Kernel: sysfs_write_file() integer overflow (CAN-2005-0867)

Product:

Gentoo Security

Reporter:

Thierry Carrez (RETIRED) <koon>

Component:

Kernel

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

normal

CC:

security-kernel

Priority:

High

Version:

unspecified

Hardware:

All

OS:

All

Whiteboard:

[linux >=2.6 < 2.6.11]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
Patch	none

Description Thierry Carrez (RETIRED) gentoo-dev

2005-04-11 09:07:02 UTC

From Ubuntu's latest:

Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file actually exists. (CAN-2005-0867)

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2005-04-15 15:00:14 UTC

Created attachment 56386 [details, diff]
Patch

Comment 2 Joshua Kinard gentoo-dev

2005-04-23 22:29:40 UTC

mips-sources fixed.

Comment 3 Daniel Drake (RETIRED) gentoo-dev

2005-04-27 13:46:49 UTC

gentoo-sources-2.6 unaffected

Comment 4 Robert Paskowitz (RETIRED) gentoo-dev

2005-05-17 16:41:14 UTC

Should be all fixed. http://kiss.gentoo.org/dev/viewBug.php?BugID=88740

Comment 5 Tim Yamin (RETIRED) gentoo-dev

2005-05-27 11:41:21 UTC

All fixed, closing bug.