Description
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
Product(s):
- Linux Kernel 2.6.0
- Linux Kernel 2.6 test10
- Linux Kernel 2.6 test11
- Linux Kernel 2.6 test1
- Linux Kernel 2.6 test2
- Linux Kernel 2.6 test3
- Linux Kernel 2.6 test4
- Linux Kernel 2.6 test5
- Linux Kernel 2.6 test6
- Linux Kernel 2.6 test7
- Linux Kernel 2.6 test8
- Linux Kernel 2.6 test9
- Linux Kernel 2.6.10
- Linux Kernel 2.6.10 Release Candidate 1
- Linux Kernel 2.6.10 Release Candidate 2
- Linux Kernel 2.6.10 Release Candidate 3
- Linux Kernel 2.6.11.1
- Linux Kernel 2.6.11.2
- Linux Kernel 2.6.11.3
- Linux Kernel 2.6.11.4
- Linux Kernel 2.6.11.5
- Linux Kernel 2.6.11.6
- Linux Kernel 2.6.11.7
- Linux Kernel 2.6.11.8
- Linux Kernel 2.6.11
- Linux Kernel 2.6.11 Release Candidate 1
- Linux Kernel 2.6.11 Release Candidate 2
- Linux Kernel 2.6.11 Release Candidate 3
- Linux Kernel 2.6.11 Release Candidate 4
- Linux Kernel 2.6.11 Release Candidate 5
- Linux Kernel 2.6.12 Release Candidate 1
- Linux Kernel 2.6.12 Release Candidate 4
- Linux Kernel 2.6.1
- Linux Kernel 2.6.1 Release Candidate 1
- Linux Kernel 2.6.1 Release Candidate 2
- Linux Kernel 2.6.1 Release Candidate 3
- Linux Kernel 2.6.2
- Linux Kernel 2.6.2 Release Candidate 1
- Linux Kernel 2.6.2 Release Candidate 2
- Linux Kernel 2.6.2 Release Candidate 3
- Linux Kernel 2.6.3
- Linux Kernel 2.6.3 Release Candidate 1
- Linux Kernel 2.6.3 Release Candidate 2
- Linux Kernel 2.6.3 Release Candidate 3
- Linux Kernel 2.6.3 Release Candidate 4
- Linux Kernel 2.6.4
- Linux Kernel 2.6.4 Release Candidate 1
- Linux Kernel 2.6.4 Release Candidate 2
- Linux Kernel 2.6.4 Release Candidate 3
- Linux Kernel 2.6.5
- Linux Kernel 2.6.5 Release Candidate 1
- Linux Kernel 2.6.5 Release Candidate 2
- Linux Kernel 2.6.5 Release Candidate 3
- Linux Kernel 2.6.6
- Linux Kernel 2.6.6 Release Candidate 1
- Linux Kernel 2.6.6 Release Candidate 2
- Linux Kernel 2.6.6 Release Candidate 3
- Linux Kernel 2.6.7
- Linux Kernel 2.6.7 Release Candidate 1
- Linux Kernel 2.6.7 Release Candidate 2
- Linux Kernel 2.6.7 Release Candidate 3
- Linux Kernel 2.6.8.1
- Linux Kernel 2.6.8
- Linux Kernel 2.6.8 Release Candidate 1
- Linux Kernel 2.6.8 Release Candidate 2
- Linux Kernel 2.6.8 Release Candidate 3
- Linux Kernel 2.6.8 Release Candidate 4
- Linux Kernel 2.6.9 2.6.20
- Linux Kernel 2.6 Test 9 CVS
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0180, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0180 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.