blob: e8ac6da3188029b7011257e1ae2549811b3ca550 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Candidate: CVE-2007-2875
References:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=85badbdf5120d246ce2bb3f1a7689a805f9c9006
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
Description:
Integer underflow in the cpuset_tasks_read function in the Linux kernel
before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem
is mounted, allows local users to obtain kernel memory contents by using a
large offset when reading the /dev/cpuset/tasks file.
Ubuntu-Description:
An integer underflow was discovered in the cpuset filesystem. If mounted,
local attackers could obtain kernel memory using large file offsets while
reading the tasks file. This could disclose sensitive data.
Notes:
Use simple_read_from_buffer to avoid possible underflow in
cpuset_tasks_read which could allow user to read kernel memory.
Bugs:
upstream: released (2.6.21.4)
linux-2.6: released (2.6.21-5)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/cpuset_tasks-underflow.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [1448fa0c7be21a3c6c31b20d19a8ecfafdfea143]
2.6.20-feisty-security: released (2.6.20-16.31) [b07fd0532409fb2332562abc2254376222d1e913]
|