blob: a89f6951c0d8f3f59b7fea225c1263644ec6bc5a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Candidate: CVE-2006-5649
References:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4393c4f6788cee65095dd838cfeca6edefbfeb52
Description:
The alignment exception used to only check the exception table for
-EFAULT, not for other errors. That opens an oops window if we can
coerce the kernel into getting an alignment exception for other
reasons in what would normally be a user-protected accessor, which
can be done via some of the futex ops. This fixes it by always
checking the exception tables.
Ubuntu-Description:
Fabio Massimo Di Nitto discovered a flaw in the alignment check
exception handling on the powerpc platform. A local attacker could
exploit this to cause a kernel panic and crash the machine.
Notes:
http://ozlabs.org/pipermail/linuxppc-dev/2006-October/027338.html
Bugs:
upstream: released (2.6.19-rc5), released (2.6.18.3)
linux-2.6: released (2.6.18-4)
2.6.8-sarge-security: released (2.6.8-16sarge6) [ppc-alignment-exception-table-check.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge5) [235_ppc-alignment-exception-table-check.diff]
2.6.12-breezy-security: released (2.6.12-10.41)
2.6.15-dapper-security: released (2.6.15-27.49)
2.6.17-edgy-security: released (2.6.17.1-10.34)
|