Red Hat Bugzilla – Bug 377591
CVE-2007-5908 Buffer overflow in the (1) sysfs_show_available_clocksources and (2) sysfs_show_current_clocksources functions in Linux kernel
Last modified: 2015-01-04 17:30:07 EST
Description of problem:
Buffer overflow in the (1) sysfs_show_available_clocksources and (2)
sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and
earlier might allow local users to cause a denial of service or
execute arbitrary code via crafted clock source names (CVE-2007-5908).
This does not look like it can actually happen. The list of available
clocksources is very short and they all have short names.
So far looks like nothing committed upstream on this one, either.
Re: c#3: Chuck, so this means you don't want to fix this one?
Re: c#4: Eric, maybe you could initiate the commit to RH kernel mailing list?
Based on c#3 and further investigation, closing this one as WONTFIX.
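An added example, not taken from this bug report or from the kernel source: a user-space C model of appending a list of names into one fixed-size output buffer, which is the pattern the CVE description concerns, assuming the show functions concatenate names into a single page-sized buffer. The names `SHOW_BUF_SIZE`, `bytes_needed` and `show_names_bounded` are hypothetical, and the sample name list is constructed; it shows why a handful of short names stays far below the buffer size and how a bounded append behaves if the list ever did not fit.

```c
#include <stdio.h>
#include <string.h>

#define SHOW_BUF_SIZE 4096 /* assumption: one 4 KiB page handed to a show() routine */

/* Constructed sample input: a short list of short names. */
static const char *const SAMPLE_SHORT[] = { "tsc", "hpet", "acpi_pm", "jiffies" };

/* Bytes an unbounded 'p += sprintf(p, "%s ", name)' loop would write, plus the
 * trailing newline and NUL. Computed only, nothing is written. */
size_t bytes_needed(const char *const *names, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += strlen(names[i]) + 1;      /* name + separating space */
    return total + 2;                       /* "\n" and terminating NUL */
}

/* Bounded variant: never writes past buf[size - 1]; the first name that does
 * not fit whole ends the list. Returns the length of the string left in buf. */
size_t show_names_bounded(char *buf, size_t size,
                          const char *const *names, size_t n)
{
    size_t used = 0;
    if (size < 2) {
        if (size) buf[0] = '\0';
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        size_t room = size - used - 1;      /* keep one byte for "\n" */
        int w = snprintf(buf + used, room, "%s ", names[i]);
        if (w < 0 || (size_t)w >= room) {   /* truncated: undo and stop */
            buf[used] = '\0';
            break;
        }
        used += (size_t)w;
    }
    used += (size_t)snprintf(buf + used, size - used, "\n");
    return used;
}

int main(void)
{
    char buf[SHOW_BUF_SIZE];
    size_t n = show_names_bounded(buf, sizeof buf, SAMPLE_SHORT, 4);
    printf("%zu bytes needed, %zu written: %s", bytes_needed(SAMPLE_SHORT, 4), n, buf);
    return 0;
}
```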