kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2009-2908, CVE-2009-2909, CVE-2009-2910 |
| Created: | October 16, 2009 |
| Updated: | February 15, 2010 |

Description:
From the Red Hat bugzilla: A flaw was found in ecryptfs which can result in a NULL pointer dereference. Quoting the commit message:

    When calling vfs_unlink() on the lower dentry, d_delete() turns the
    dentry into a negative dentry when the d_count is 1. This eventually
    caused a NULL pointer deref when a read() or write() was done and the
    negative dentry's d_inode was dereferenced in
    ecryptfs_read_update_atime() or ecryptfs_getxattr().

(CVE-2009-2908)

From the Red Hat bugzilla: The ax25 code tried to use

    if (optlen < sizeof(int))
        return -EINVAL;

as a security check against optlen being negative (or zero) in the set socket option. Unfortunately, "sizeof(int)" is an unsigned property, with the result that the whole comparison is done in unsigned, letting negative values slip through. (CVE-2009-2909)

From the Red Hat bugzilla: An information leak was discovered in the kernel where a 32-bit process running in 64-bit mode could possibly read certain 64 bit registers. (CVE-2009-2910)
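
The signed/unsigned comparison described for CVE-2009-2909, shown as an added user-space example that is not kernel code and not part of the original advisory. The function names, the sample lengths and the cast used in check_signed() are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* The check as quoted in the description. sizeof yields a size_t, so
 * optlen is converted to unsigned before the comparison is made. */
static int check_as_quoted(int optlen)
{
    if (optlen < sizeof(int))
        return -EINVAL;
    return 0;
}

/* One way to keep the comparison signed (an assumption of this example):
 * cast the sizeof result to int so a negative optlen compares as negative. */
static int check_signed(int optlen)
{
    if (optlen < (int)sizeof(int))
        return -EINVAL;
    return 0;
}

/* The value the quoted check actually compares against sizeof(int). */
static size_t as_compared(int optlen)
{
    return (size_t)optlen;
}

int main(void)
{
    /* Constructed sample lengths, not taken from any real caller. */
    const int samples[] = { INT_MIN, -1, 0, 3, 4, 8 };
    size_t i;

    printf("%12s %22s %8s %8s\n", "optlen", "compared as", "quoted", "signed");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int n = samples[i];
        printf("%12d %22zu %8s %8s\n", n, as_compared(n),
               check_as_quoted(n) ? "reject" : "accept",
               check_signed(n) ? "reject" : "accept");
    }
    return 0;
}
```

Building with -Wsign-compare (part of -Wextra for C in GCC and Clang) flags the comparison in check_as_quoted().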