Red Hat Bugzilla – Bug 144520
2.6 scsi ioctl integer overflow and information leak
Last modified: 2015-01-04 17:15:01 EST
*** This bug has been split off bug 144519 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.07
grsecurity announcement to full-disclosure
It would seem that user input controlls the integers being overflowed. It looks
like a malicious user should be able to alter kernel memory.
The fix for this issue is in attachment 109500 [details]
This issue does not affect the 2.4 kernel. I copied the wrong text when I filed
this. I'm just closing it.