Candidate: CVE-2006-2448
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7c85d1f9d358b24c5b05c3a2783a78423775a080
Description:
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not
perform certain required access_ok checks, which allows local users to read
arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of
service (crash) and possibly read kernel memory on 32-bit systems
(signal_32.c).
Notes:
dannf> Code has changed significantly since 2.6.8, it's not clear to me
if this fix is needed or how to apply it.
Bugs:
upstream: released (2.6.16.21)
linux-2.6: released (2.6.16-15)
2.6.8-sarge-security: ignored (2.6.8-16sarge5)
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
2.6.18-etch-security: N/A