path: root/retired/CVE-2006-2936
blob: 81390b21c4e381bdee1a1a215c6f6054c7cf5d5c
Candidate: CVE-2006-2936
References: 
 http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git;a=blob;h=4b4d9cfea17618b80d3ac785b701faeaf60141f1;hb=396eb2aac5+50ec55856c6843ef9017e800c3d656;f=usb/usb-serial-ftdi_sio-prevent-userspace-dos.patch
 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=224654004ca688af67cec44d9300e8c3f647577c
Description:
 The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to
 2.6.17, and possibly later versions, allows local users to cause a denial of
 service (memory consumption) by writing more data to the serial port than the
 hardware can handle, which causes the data to be queued.
Ubuntu-Description:
 The ftdi_sio driver for serial USB ports did not limit the amount of
 pending data to be written. A local user could exploit this to drain
 all available kernel memory and thus render the system unusable.
Notes: 
 jmm> 2.4 not affected due to different memory allocation
Bugs: 
upstream: released (2.6.16.26, 2.6.17.7)
linux-2.6: released (2.6.17-5)
2.6.8-sarge-security: released (2.6.8-16sarge5) [usb-serial-ftdi_sio-dos.patch]
2.4.27-sarge-security: N/A
2.6.10-hoary-security: released (2.6.10-34.23)
2.6.12-breezy-security: released (2.6.12-10.37)
2.6.15-dapper-security: released (2.6.15-26.46)
2.6.17-edgy: released