Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:s390/pkey: Prevent overflow in size calculation for memdup_user()Number of apqn target list entries contained in 'nr_apqns' variable isdetermined by userspace via an ioctl call so the result of the product incalculation of size passed to memdup_user() may overflow.In this case the actual size of the allocated area and the valuedescribing it won't be in sync leading to various types of unpredictablebehaviour later.Use a proper memdup_array_user() helper which returns an error if anoverflow is detected. Note that it is different from when nr_apqns isinitially zero - that case is considered valid and should be handled insubsequent pkey_handler implementations.Found by Linux Verification Center (linuxtesting.org).
No PoCs from references.
- https://github.com/w4zu/Debian_security