Candidate: CVE-2007-4133 References: http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=856fc29505556cf263f3dcda2533cf3766c14ab6 https://bugzilla.redhat.com/show_bug.cgi?id=253926 Description: The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors. Ubuntu-Description: Certain calculations in the hugetlb code were not correct. A local attacker could exploit this to cause a kernel panic, leading to a denial of service. Notes: jmm> 2.4 doesn't contain hugetlbfs Bugs: upstream: released (2.6.19) linux-2.6: released (2.6.20-1) 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch] 2.6.8-sarge-security: released (2.6.8-17sarge1) [hugetlb-prio_tree-unit-fix.dpatch] 2.4.27-sarge-security: N/A 2.6.15-dapper-security: released (2.6.15-29.61) 2.6.17-edgy-security: released (2.6.17.1-12.42) 2.6.20-feisty-security: N/A 2.6.22-gutsy-security: N/A