Re: Buffer overflow in the mptctl_replace_fw() function in linux kernel MPT ioctl driver

2017-09-01 Thread Dan Carpenter
On Fri, Sep 01, 2017 at 02:00:48PM +0800, Dison River wrote:
> newFwSize = ALIGN(karg.newImageSize, 4);

This is an integer overflow, but it's harmless... As a static checker developer this is where I would print a warning:

drivers/message/fusion/mptctl.c:1748 mptctl_replace_fw() warn: potenti

Re: Buffer overflow in the mptctl_replace_fw() function in linux kernel MPT ioctl driver

2017-08-31 Thread Kees Cook
On Thu, Aug 31, 2017 at 11:00 PM, Dison River wrote:
> Hi:
> Buffer overflow in the mptctl_replace_fw() function in linux kernel
> MPT ioctl driver.
>
> In mptctl_replace_fw function, kernel didn't check the size of
> "newFwSize" variable allows attackers

Buffer overflow in the mptctl_replace_fw() function in linux kernel MPT ioctl driver

2017-08-31 Thread Dison River
Hi:
Buffer overflow in the mptctl_replace_fw() function in linux kernel MPT ioctl driver.

In mptctl_replace_fw function, kernel didn't check the size of "newFwSize" variable allows attackers to cause a denial of service via unspecified vectors that trigger copy_from_user func