Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 281999 (CVE-2009-2846) - Kernel: parisc isa-eeprom eisa_eeprom_read() memory disclosure (CVE-2009-2846)
Summary: Kernel: parisc isa-eeprom eisa_eeprom_read() memory disclosure (CVE-2009-2846)
Status: RESOLVED FIXED
Alias: CVE-2009-2846
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: HPPA Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [ linux < 2.6.31 ]
Keywords:
Depends on: 305733 307847
Blocks:
  Show dependency tree
 
Reported: 2009-08-19 09:20 UTC by Alex Legler (RETIRED)
Modified: 2020-04-10 11:36 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-08-19 09:20:30 UTC
CVE-2009-2846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2846):
  The eisa_eeprom_read function in the parisc isa-eeprom component
  (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6
  allows local users to access restricted memory via a negative ppos
  argument, which bypasses a check that assumes that ppos is positive
  and causes an out-of-bounds read in the readb function.
Comment 1 Jeroen Roovers gentoo-dev 2010-04-17 15:26:55 UTC
I believe the bug is fixed in the more recently stable kernels.
Comment 2 Guy Martin (RETIRED) gentoo-dev 2010-08-02 18:50:38 UTC
vanilla-sources 2.6.32.9 stable from some time already.

Shall I close ?
Comment 3 Agostino Sarubbo gentoo-dev 2013-01-14 15:14:02 UTC
The work for hppa is done. CC back if security needs something.
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-11-29 23:47:41 UTC
No vulnerable sources left in tree.