diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2009-12-02 21:14:39 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-12-02 21:14:39 +0000 |
commit | 79127cfd9d3a7cf74b4a1f4d6792edcd25f7594a (patch) | |
tree | 561aefc8c662928bc1b3a49d14df38e9a06558f1 /retired/CVE-2009-3888 | |
parent | ff3c22a7cb6580e0e09f0208ce563dd3cdbcf8bb (diff) |
retire issue
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1626 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2009-3888')
-rw-r--r-- | retired/CVE-2009-3888 | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/retired/CVE-2009-3888 b/retired/CVE-2009-3888 new file mode 100644 index 00000000..67031c32 --- /dev/null +++ b/retired/CVE-2009-3888 @@ -0,0 +1,25 @@ +Candidate: CVE-2009-3888 +Description: + Don't pass NULL pointers to fput() in the error handling paths of the + NOMMU do_mmap_pgoff() as it can't handle it. + . + The following can be used as a test program: + int main() { static long long a[1024 * 1024 * 20] = { 0 }; return a;} + . + Without the patch, the code oopses in atomic_long_dec_and_test() as + called by fput() after the kernel complains that it can't allocate + that big a chunk of memory. With the patch, the kernel just complains + about the allocation size and then the program segfaults during execve() + as execve() can't complete the allocation of all the new ELF program + segments. +References: + http://www.openwall.com/lists/oss-security/2009/11/09/2 + http://xorl.wordpress.com/2009/11/05/linux-kernel-nommu-fput-null-pointer-dereference/ +Notes: +Bugs: +upstream: released (2.6.32-rc6) [89a8640279f8bb78aaf778d1fc5c4a6778f18064] +2.6.31-upstream-stable: released (2.6.31.6) +linux-2.6: released (2.6.31-2) [bugfix/all/stable/2.6.31.6.patch] +2.6.18-etch-security: ignored "needs port, only affects system w/o an mmu" +2.6.24-etch-security: ignored "needs port, only affects system w/o an mmu" +2.6.26-lenny-security: ignored "needs port, only affects system w/o an mmu" |