blob: e1c7124639e5f195582c2583287c87d47a29378c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
Candidate: CVE-2007-4133
References:
http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=856fc29505556cf263f3dcda2533cf3766c14ab6
https://bugzilla.redhat.com/show_bug.cgi?id=253926
Description:
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors.
Ubuntu-Description:
Certain calculations in the hugetlb code were not correct. A local
attacker could exploit this to cause a kernel panic, leading to a denial
of service.
Notes:
jmm> 2.4 doesn't contain hugetlbfs
Bugs:
upstream: released (2.6.19)
linux-2.6: released (2.6.20-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
2.6.8-sarge-security: released (2.6.8-17sarge1) [hugetlb-prio_tree-unit-fix.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.61)
2.6.17-edgy-security: released (2.6.17.1-12.42)
2.6.20-feisty-security: N/A
2.6.22-gutsy-security: N/A
|