[kernel-sec-discuss] r2283 - active

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Apr 27 07:21:56 UTC 2011


Author: jmm
Date: 2011-04-27 07:21:55 +0000 (Wed, 27 Apr 2011)
New Revision: 2283

Added:
   active/CVE-2011-1745
   active/CVE-2011-1746
   active/CVE-2011-1747
Log:
three new AGP issues


Added: active/CVE-2011-1745
===================================================================
--- active/CVE-2011-1745	                        (rev 0)
+++ active/CVE-2011-1745	2011-04-27 07:21:55 UTC (rev 2283)
@@ -0,0 +1,10 @@
+Candidate: CVE-2011-1745
+Description: agp buffer overflow
+References:
+Notes:
+Bugs:
+upstream: released (2.6.39-rc5) [194b3da873fd334ef183806db751473512af29ce]
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security:
+2.6.32-squeeze-security: needed
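
Review bot: the `2.6.26-lenny-security:` line at the end of this entry carries no status, while every other branch is marked, so a reader cannot tell whether lenny is unaffected or just not yet triaged. Give it an explicit status, or say under `Notes:` that lenny still has to be checked. `References:` and `Notes:` are also empty, and "agp buffer overflow" does not say which code path overflows; a short note naming the affected function would let backporters match the entry to the upstream commit without opening it.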

Added: active/CVE-2011-1746
===================================================================
--- active/CVE-2011-1746	                        (rev 0)
+++ active/CVE-2011-1746	2011-04-27 07:21:55 UTC (rev 2283)
@@ -0,0 +1,10 @@
+Candidate: CVE-2011-1746
+Description: agp OOM and buffer overflow
+References:
+Notes:
+Bugs:
+upstream: released (2.6.39-rc5) [b522f02184b413955f3bc952e3776ce41edc6355]
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security:
+2.6.32-squeeze-security: needed
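
Review bot: the `Description: agp OOM and buffer overflow` line does not distinguish this entry from its neighbours: CVE-2011-1745 is already "agp buffer overflow" and CVE-2011-1747 covers memory exhaustion. State in `Description:` or `Notes:` what this candidate covers that the other two do not, so the three entries are not confused when the fix is backported. The blank `2.6.26-lenny-security:` status applies here as well and should be filled in.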

Added: active/CVE-2011-1747
===================================================================
--- active/CVE-2011-1747	                        (rev 0)
+++ active/CVE-2011-1747	2011-04-27 07:21:55 UTC (rev 2283)
@@ -0,0 +1,18 @@
+Candidate: CVE-2011-1747
+Description:
+ > Another problem in agp code is not addressed in the patch - kernel
+ > memory exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not
+ > checked whether requested pid is a pid of the caller (no check in
+ > agpioc_reserve_wrap()).
+ > Each allocation is limited to 16KB, though, there is no per-process
+ > limit. This might lead to OOM situation, which is not even solved in case of
+ > the caller death by OOM killer - the memory is allocated for another
+ > (faked) process."
+References:
+Notes:
+Bugs:
+upstream: needed
+2.6.32-upstream-stable: needed
+linux-2.6: needed
+2.6.26-lenny-security: needed
+2.6.32-squeeze-security: needed
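
Review bot: the quoted `Description:` has no source and refers to "the patch" without naming it, and `References:` is empty, so the reader cannot tell which patch leaves this issue unaddressed. Add the origin of the quote under `References:` and, if "the patch" means the upstream commits recorded for CVE-2011-1745 and CVE-2011-1746, say so under `Notes:`. The quote also ends with a closing `"` after "(faked) process." that has no opening counterpart; drop it. Finally, `2.6.26-lenny-security` is marked `needed` here but left blank in the other two AGP entries added in this revision; if all three touch the same code, the lenny status should be consistent across them.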



