Headline
CVE-2013-2850: iscsi-target: fix heap buffer overflow on error · torvalds/linux@cea4dcf
Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.
Permalink
Browse files
iscsi-target: fix heap buffer overflow on error
If a key was larger than 64 bytes, as checked by iscsi_check_key(), the error response packet, generated by iscsi_add_notunderstood_response(), would still attempt to copy the entire key into the packet, overflowing the structure on the heap.
Remote preauthentication kernel memory corruption was possible if a target was configured and listening on the network.
CVE-2013-2850
Signed-off-by: Kees Cook [email protected] Cc: [email protected] Signed-off-by: Nicholas Bellinger [email protected]
- Loading branch information