* [Bug 110801] New: Security Issure:
@ 2016-01-14 10:24 bugzilla-daemon
2016-01-14 10:26 ` [Bug 110801] Security Issure: query_disk in aacraid bugzilla-daemon
2016-01-14 10:34 ` bugzilla-daemon
0 siblings, 2 replies; 3+ messages in thread
From: bugzilla-daemon @ 2016-01-14 10:24 UTC (permalink / raw)
To: linux-scsi
https://bugzilla.kernel.org/show_bug.cgi?id=110801
Bug ID: 110801
Summary: Security Issure:
Product: IO/Storage
Version: 2.5
Kernel Version: 4.3.3
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: SCSI
Assignee: linux-scsi@vger.kernel.org
Reporter: brave_shi@163.com
Regression: No
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread* [Bug 110801] Security Issure: query_disk in aacraid 2016-01-14 10:24 [Bug 110801] New: Security Issure: bugzilla-daemon @ 2016-01-14 10:26 ` bugzilla-daemon 2016-01-14 10:34 ` bugzilla-daemon 1 sibling, 0 replies; 3+ messages in thread From: bugzilla-daemon @ 2016-01-14 10:26 UTC (permalink / raw) To: linux-scsi https://bugzilla.kernel.org/show_bug.cgi?id=110801 Yong Shi <brave_shi@163.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Security Issure: |Security Issure: query_disk | |in aacraid Severity|normal |high -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 110801] Security Issure: query_disk in aacraid 2016-01-14 10:24 [Bug 110801] New: Security Issure: bugzilla-daemon 2016-01-14 10:26 ` [Bug 110801] Security Issure: query_disk in aacraid bugzilla-daemon @ 2016-01-14 10:34 ` bugzilla-daemon 1 sibling, 0 replies; 3+ messages in thread From: bugzilla-daemon @ 2016-01-14 10:34 UTC (permalink / raw) To: linux-scsi https://bugzilla.kernel.org/show_bug.cgi?id=110801 --- Comment #1 from Yong Shi <brave_shi@163.com> --- aachba.c line 2856: Calling function copy_from_user taints argument qd line 2858: if the attacker set the qd.cnum to -1 , the attacker could set the qd.cnum to anyvalue ( line 2859 qd.cnum = qd.id) line 2871: Untrusted pointer read fsa_dev_ptr[qd.cnum] -- You are receiving this mail because: You are the assignee for the bug. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-01-14 10:34 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-01-14 10:24 [Bug 110801] New: Security Issure: bugzilla-daemon 2016-01-14 10:26 ` [Bug 110801] Security Issure: query_disk in aacraid bugzilla-daemon 2016-01-14 10:34 ` bugzilla-daemon
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).