Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 2.6.36 (excluding) |
Linux_kernel | Linux | 2.6.36 (including) | 2.6.36 (including) |
Linux_kernel | Linux | 2.6.36-rc1 (including) | 2.6.36-rc1 (including) |
Linux_kernel | Linux | 2.6.36-rc2 (including) | 2.6.36-rc2 (including) |
Linux_kernel | Linux | 2.6.36-rc3 (including) | 2.6.36-rc3 (including) |
Linux_kernel | Linux | 2.6.36-rc4 (including) | 2.6.36-rc4 (including) |
Linux_kernel | Linux | 2.6.36-rc5 (including) | 2.6.36-rc5 (including) |