Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 2.6.0 |
||
linux linux kernel 2.6.1 |
||
linux linux kernel 2.6.11.3 |
||
linux linux kernel 2.6.11.4 |
||
linux linux kernel 2.6.11 |
||
linux linux kernel 2.6.12 |
||
linux linux kernel 2.6.7 |
||
linux linux kernel 2.6_test9_cvs |
||
linux linux kernel 2.6.11.1 |
||
linux linux kernel 2.6.11.2 |
||
linux linux kernel 2.6.6 |
||
linux linux kernel 2.6.8 |
||
linux linux kernel 2.6.9 |
||
linux linux kernel 2.6.10 |
||
linux linux kernel 2.6.11.5 |
||
linux linux kernel 2.6.11.6 |
||
linux linux kernel 2.6.2 |
||
linux linux kernel 2.6.3 |
||
linux linux kernel 2.6.8.1 |
||
linux linux kernel 2.6.11.7 |
||
linux linux kernel 2.6.11.8 |
||
linux linux kernel 2.6.4 |
||
linux linux kernel 2.6.5 |