[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
From: wpengfeinudt@xxxxxxxxx
Date: Sat, 24 Jun 2017 01:21:07 GMT

Hi all,

I found this double-fetch vulnerability when I was doing my research on double 
fetch issue analysis, and I?d like to make an announcement here. 

This was found in Linux kernel file 
Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c. The kernel (driver) use 
memcpy_fromio() to fetch twice the same block of device data from I/O memory to 
the kernel, and malicious data change by the peripheral device between the two 
fetches will cause data inconsistency for the kernel use, which will lead to 
consequences like array over-access on the kernel buffer.
===========================================
1. Affected Versions: Linux Kernel 4.10.1 and earlier versions.

2. Detailed description: Kernel Bugzilla: 
https://bugzilla.kernel.org/show_bug.cgi?id=195559

3. Patch: This has been confirmed by the maintainers and patched:
https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c

4. CVE: The Common Vulnerabilities and Exposures (CVE) project has assigned the 
name CVE-2017-8831 to this issue. 

Kind regards
Pengfei Wang

Prev by Date: [CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
Next by Date: Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability
Previous by thread: [CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
Next by thread: [CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c
Index(es):
- Date
- Thread