An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=194061
https://marc.info/?t=150409582700003&r=1&w=2
https://marc.info/?t=150409994400005&r=1&w=2

Suggested upstream patch:
https://patchwork.kernel.org/patch/9929625/

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1487127]

Statement:

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. This flaw is not planned to be addressed in future releases of the products listed, as the flaw is not exploitable by a non-privileged user.