blob: 77b44a61ca1a62a614c0573b5cffa8938f9a39f4 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Candidate: CVE-2005-0977
References:
http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
http://linux.bkbits.net:8080/linux-2.6/cset@420551fbRlv9-QG6Gw9Lw_bKVfPSsg
http://lkml.org/lkml/2005/2/5/111
http://www.securityfocus.com/bid/12970
Description:
The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel
2.6 does not properly verify the address argument, which allows local users
to cause a denial of service (kernel crash) via an invalid address.
Notes:
dannf> 2.4 does look vulnerable, but the 2.6 fix won't work directly because
dannf> 2.4 doesn't have i_size_read(). The 2.6 i_size_read() uses seqlocks,
dannf> which aren't in 2.4, so the port isn't trivial for me.
dannf> Forwarded to Willy Tarreau on 2008.01.17
Bugs: 303177
upstream: released (2.6.11)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-16) [mm-shmem-truncate.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge6) "need porting help"
2.6.18-etch-security: N/A
|