Red Hat Bugzilla – Bug 126409
CAN-2004-0075 Vicam USB user/kernel copying (ipf)
Last modified: 2013-08-05 21:07:01 EDT
"The Vicam USB driver does not use the copy_from_user function when
copying data from userspace to kernel space, which crosses security
boundaries and allows local users to cause a denial of service."
Only affects Red Hat Advanced Workstation/Advanced Server (ipf)
patches and details at:
NOTABUG. There is no vicam driver in 2.1AS i386 (pensacola), and the
driver in 2.1AS ia64 already uses copy_from_user/copy_to_user.
Agreed, this is fixed in the upstream 2.4.18
For completeness the reason for this confusion is that Alan Cox fixed
this missing copy_*_user in 2.4.25. However the problem was caused by
a n earlier commit, so only 2.4.21, 2.4.22, 2.4.23, 2.4.24 were