Multiple integer signedness errors in net/rose/af_rose.c in the Linux
kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial
of service (heap memory corruption) or possibly have unspecified other
impact via a rose_getname function call, related to the rose_bind and
Dan Rosenberg discovered that the ROSE driver did not correctly check
parameters. A local attacker with access to a ROSE network device could
exploit this to crash the system or possibly gain root privileges.
Updated: 2015-07-29 20:38:53 UTC (commit 9756)