Note:
This project will be discontinued after December 13, 2021. [more]
2018-01-11
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
| Products | Ubuntu_linux, Debian_linux, Linux_kernel |
| Type | Out-of-bounds Write (CWE-787) |
| First patch |
https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c |
| Patches |
• https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c |
| Relevant file/s | ./net/rds/rdma.c (modified, +3) |
| Links |
• https://usn.ubuntu.com/3617-3/
• https://usn.ubuntu.com/3617-1/ • https://usn.ubuntu.com/3619-2/ • https://www.debian.org/security/2018/dsa-4187 • https://usn.ubuntu.com/3620-2/ |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: