Bug 688898 (CVE-2011-1169)

Summary: CVE-2011-1169 kernel: check adapter index in hpi_ioctl
Product: [Other] Security Response Reporter: Petr Matousek <pmatouse>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: arozansk, dhoward, kernel-mgr, peterm
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 21:47:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Petr Matousek 2011-03-18 12:45:29 UTC
Description of the problem:
The user-supplied index into the adapters array needs to be checked, or
an out-of-bounds kernel pointer could be accessed and used, leading to
potentially exploitable memory corruption.


Upstream commit:

Red Hat would like to thank Dan Rosenberg for reporting this issue.

Comment 1 Petr Matousek 2011-03-18 12:48:07 UTC

The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and
Red Hat Enterprise MRG are not affected as they did not backport upstream
commit 719f82d3 that introduced this issue.