summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2005-4811
blob: 3d40676dfd4197ba7aeba0a2045d1a82bdd8182e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Candidate: CVE-2005-4811
References: 
 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c7546f8f03f5a4fa612605b6be930234d6026860
Description: hugetlb dos
Ubuntu-Description:
 David Gibson discovered a Denial of Service vulnerability in the
 unmap_hugepage_area() function. By calling mmap() in a special way, a
 local user could exploit this to crash the kernel.
Notes:
 - Pretty old fix, applied upstream in 2.6.11 or 2.6.12.
 - 2.6.10 and older have function in arch-specific
   arch/*/mm/hugetlbpage.c, thus requires some manual porting work
 dannf> In Debian's 2.4.27, the only existance of this function is in
        ia64 code, which already has the proper check
Bugs: 
upstream: released (2.6.13)
linux-2.6: released (2.6.13-1)
2.6.8-sarge-security: released (2.6.8-16sarge7) [unmap_hugepage_area-check-null-pte.dpatch]
2.4.27-sarge-security: N/A
2.6.12-breezy-security: released
2.6.15-dapper-security: released
2.6.17-edgy: released
2.6.18-etch-security: N/A

© 2014-2024 Faster IT GmbH | imprint | privacy policy