On Wed, Aug 30, 2017 at 6:12 AM, Greg KH wrote:
> On Wed, Aug 30, 2017 at 03:21:07PM +0300, Dan Carpenter wrote:
>> The value of "size" comes from the user. When we add "start + size"
>> it could lead to an integer overflow bug.
>>
>> It means we vmalloc() a lot more memory than
On Wed, Aug 30, 2017 at 03:21:07PM +0300, Dan Carpenter wrote:
> The value of "size" comes from the user. When we add "start + size"
> it could lead to an integer overflow bug.
>
> It means we vmalloc() a lot more memory than we had intended. I believe
> that on 64 bit systems vmalloc() can
On Wed, Aug 30, 2017 at 08:28:52PM +0800, shqking wrote:
> Hi,
>
> Glad to see it is fixed.
>
> Can I apply for a CVE ID for this bug?
>
We don't handle that on this list. You'd need to ask on
oss-secur...@lists.openwall.com.
regards,
dan carpenter
The value of "size" comes from the user. When we add "start + size"
it could lead to an integer overflow bug.
It means we vmalloc() a lot more memory than we had intended. I believe
that on 64 bit systems vmalloc() can succeed even if we ask it to
allocate huge 4GB buffers. So we would get
4 matches
Mail list logo