QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2846

Published: Aug 18, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20090810 CVE request: kernel: parisc: isa-eeprom missing lower bound check

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_MANDRIVA

kernel-eisaeepromread-sec-bypass(52906)

vdb-entry

x_refsource_XF

[oss-security] 20090818 Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check

mailing-list

x_refsource_MLIST

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=6b4dbcd86a9d464057fcc7abe4d0574093071fcc

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.