diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2012-07-20 13:47:02 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2012-07-20 13:47:02 +0000 |
commit | 031e03ed5587e09ab8ca6aaf1f6624e20022ce0f (patch) | |
tree | 3a92538299a383bf1ef8d5beb63cb44e3da14ba9 /retired/CVE-2011-1747 | |
parent | e6dd4f81278c554666899276fdad11826c91a9c9 (diff) |
retire issue
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@2723 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2011-1747')
-rw-r--r-- | retired/CVE-2011-1747 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/retired/CVE-2011-1747 b/retired/CVE-2011-1747 new file mode 100644 index 00000000..43781d58 --- /dev/null +++ b/retired/CVE-2011-1747 @@ -0,0 +1,20 @@ +Candidate: CVE-2011-1747 +Description: + > Another problem in agp code is not addressed in the patch - kernel + > memory exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not + > checked whether requested pid is a pid of the caller (no check in + > agpioc_reserve_wrap()). + > Each allocation is limited to 16KB, though, there is no per-process + > limit. This might lead to OOM situation, which is not even solved in case of + > the caller death by OOM killer - the memory is allocated for another + > (faked) process." +References: +Notes: + jmm> This can only be triggered by root-equivalent privileges +Bugs: +upstream: needed "no upstream fix as of 2011.08.08" +2.6.32-upstream-stable: needed "no upstream fix as of 2011.06.20" +sid: needed "no upstream fix as of 2011.06.20" +2.6.26-lenny-security: needed "no upstream fix as of 2011.06.20" +2.6.32-squeeze-security: needed "no upstream fix as of 2011.06.20" +3.2-upstream-stable: needed "no upstream fix as of 2011.06.20" |