Candidate: CVE-2009-2846
Description:
Description:
 parisc: isa-eeprom missing lower bound check
 .
 loff_t is a signed type. If userspace passes a negative ppos, the
 "count" range check is weakened. If ppos is negative, the readb() later
 in the function will poke in random memory. Only affects if you are
 using a PA-RISC kernel with CONFIG_EISA set.
References:
Ubuntu-Description:
Notes:
Bugs:
upstream: released (2.6.31-rc6) [6b4dbcd8]
linux-2.6: released (2.6.30-6) [bugfix/parisc/isa-eeprom-fix-loff_t-usage.patch]
2.6.18-etch-security: released (2.6.18.dfsg.1-24etch4) [bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch]
2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/hppa/isa-eeprom-fix-loff_t-usage.patch]
2.6.26-lenny-security: released (2.6.26-19) [bugfix/parisc/isa-eeprom-fix-loff_t-usage.patch]