[Bug 110801] Security Issure: query_disk in aacraid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

https://bugzilla.kernel.org/show_bug.cgi?id=110801

--- Comment #1 from Yong  Shi <brave_shi@xxxxxxx> ---
aachba.c

 line 2856: Calling function copy_from_user taints argument qd

 line 2858: if the attacker set the qd.cnum to -1 , the attacker could set the 
qd.cnum to anyvalue ( line 2859 qd.cnum = qd.id)

 line 2871:  Untrusted pointer read  fsa_dev_ptr[qd.cnum]

-- 
You are receiving this mail because:
You are the assignee for the bug.
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux