summaryrefslogtreecommitdiffstats
path: root/arch/arm/configs/badge4_defconfig
diff options
context:
space:
mode:
authorMatt Mackall <mpm@selenic.com>2007-07-19 20:30:14 +0200
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-19 23:21:04 +0200
commit5a021e9ffd56c22700133ebc37d607f95be8f7bd (patch)
tree0d289c7feec4e7b3b19c7c312e8cb31532c5b9c9 /arch/arm/configs/badge4_defconfig
parentMerge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/gi... (diff)
downloadlinux-5a021e9ffd56c22700133ebc37d607f95be8f7bd.tar.xz
linux-5a021e9ffd56c22700133ebc37d607f95be8f7bd.zip
random: fix bound check ordering (CVE-2007-3105)
If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes, causing a DoS or potential privilege escalation. (Bug reported by the PaX Team <pageexec@freemail.hu>) Cc: Theodore Tso <tytso@mit.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch/arm/configs/badge4_defconfig')
0 files changed, 0 insertions, 0 deletions