Linux Kernel Broadcom 5820 Cryptonet Driver Integer Overflow Vulnerability

It is reported that the bcm5820 Linux kernel driver contains an integer overflow vulnerability.

The driver contains a function, ubsec_ioctl(), which is used to set up operating parameters for the driver. This function takes user-supplied data and copies it into kernel space. When copying this data, a user-supplied length value is used in a calculation. This calculation could cause an integer overflow when allocating buffer space.

This vulnerability could lead to a system crash, or possible code execution in the context of the kernel.
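
The class of bug described above, as an added example that is not the bcm5820 driver's code: a 32-bit size calculation on a user-supplied count wraps, so the allocation is smaller than what the later copy needs, shown beside a checked form. The element size, header size, limit and function names are constructed assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values for illustration; not taken from the bcm5820 driver. */
#define DEMO_ELEM_SIZE 16u   /* bytes per user-described element */
#define DEMO_HDR_SIZE  32u   /* fixed header preceding the elements */
#define DEMO_MAX_ELEMS 1024u /* assumed upper bound a driver would enforce */

/* Unchecked pattern: the size is computed in 32 bits and silently wraps. */
uint32_t unchecked_alloc_size(uint32_t user_count)
{
    return user_count * DEMO_ELEM_SIZE + DEMO_HDR_SIZE;
}

/* Bytes the later copy would actually need, computed without wrapping. */
uint64_t bytes_needed(uint32_t user_count)
{
    return (uint64_t)user_count * DEMO_ELEM_SIZE + DEMO_HDR_SIZE;
}

/* Checked pattern: reject the request before any arithmetic can wrap. */
int checked_alloc_size(uint32_t user_count, uint32_t max_elems, uint32_t *out)
{
    if (user_count == 0 || user_count > max_elems)
        return -EINVAL;      /* outside the range the device can use */
    if (user_count > (UINT32_MAX - DEMO_HDR_SIZE) / DEMO_ELEM_SIZE)
        return -EOVERFLOW;   /* multiply-and-add would exceed 32 bits */
    *out = user_count * DEMO_ELEM_SIZE + DEMO_HDR_SIZE;
    return 0;
}

int main(void)
{
    uint32_t n = 0x10000000u, size = 0;  /* constructed sample count */
    printf("unchecked: alloc %u bytes, copy needs %llu\n",
           unchecked_alloc_size(n), (unsigned long long)bytes_needed(n));
    printf("checked:   rc=%d\n", checked_alloc_size(n, DEMO_MAX_ELEMS, &size));
    return 0;
}
```

In current kernel code the same check is normally written with the helpers in linux/overflow.h, such as check_mul_overflow(), check_add_overflow() and array_size().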

This driver is not present in the vanilla Linux kernel, nor is it standard in most distributions of Linux. Red Hat 8 with Linux kernel 2.4.20 is confirmed to include the vulnerable driver, but others are also potentially vulnerable.

Copyright 2008, SecurityFocus