[Bug 110801] New: Security Issure:

linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [Bug 110801] New: Security Issure:
@ 2016-01-14 10:24 bugzilla-daemon
  2016-01-14 10:26 ` [Bug 110801] Security Issure: query_disk in aacraid bugzilla-daemon
  2016-01-14 10:34 ` bugzilla-daemon
  0 siblings, 2 replies; 3+ messages in thread
From: bugzilla-daemon @ 2016-01-14 10:24 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=110801

            Bug ID: 110801
           Summary: Security Issure:
           Product: IO/Storage
           Version: 2.5
    Kernel Version: 4.3.3
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: SCSI
          Assignee: linux-scsi@vger.kernel.org
          Reporter: brave_shi@163.com
        Regression: No

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Bug 110801] Security Issure: query_disk in aacraid
  2016-01-14 10:24 [Bug 110801] New: Security Issure: bugzilla-daemon
@ 2016-01-14 10:26 ` bugzilla-daemon
  2016-01-14 10:34 ` bugzilla-daemon
  1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2016-01-14 10:26 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=110801

Yong  Shi <brave_shi@163.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Security Issure:            |Security Issure: query_disk
                   |                            |in aacraid
           Severity|normal                      |high

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Bug 110801] Security Issure: query_disk in aacraid
  2016-01-14 10:24 [Bug 110801] New: Security Issure: bugzilla-daemon
  2016-01-14 10:26 ` [Bug 110801] Security Issure: query_disk in aacraid bugzilla-daemon
@ 2016-01-14 10:34 ` bugzilla-daemon
  1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2016-01-14 10:34 UTC (permalink / raw)
  To: linux-scsi

https://bugzilla.kernel.org/show_bug.cgi?id=110801

--- Comment #1 from Yong  Shi <brave_shi@163.com> ---
aachba.c

 line 2856: Calling function copy_from_user taints argument qd

 line 2858: if the attacker set the qd.cnum to -1 , the attacker could set the 
qd.cnum to anyvalue ( line 2859 qd.cnum = qd.id)

 line 2871:  Untrusted pointer read  fsa_dev_ptr[qd.cnum]

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-01-14 10:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-01-14 10:24 [Bug 110801] New: Security Issure: bugzilla-daemon
2016-01-14 10:26 ` [Bug 110801] Security Issure: query_disk in aacraid bugzilla-daemon
2016-01-14 10:34 ` bugzilla-daemon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).