retired/CVE-2007-6694


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

Candidate: CVE-2007-6694
Description: 
 The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21
 through 2.6.18-53, when running on PowerPC, might allow local users
 to cause a denial of service (crash) via unknown vectors that cause
 the of_get_property function to fail, which triggers a NULL pointer
 dereference. 
References: 
 http://marc.info/?l=linux-kernel&m=119576191029571&w=2
Ubuntu-Description: 
 It was discovered that PowerPC kernels did not correctly handle reporting
 certain system details.  By requesting a specific set of information,
 a local attacker could cause a system crash resulting in a denial
 of service.
Notes: 
 jmm> This appears more of a regular bug with a specific piece of hw
 jmm> than a security problem. Do we support the chrp POWER platform?
Bugs: 
upstream: 
linux-2.6: 
2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch]
2.6.8-sarge-security: released (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge6) [265_powerpc-chrp-null-deref.diff]
2.6.15-dapper-security: released (2.6.15-52.67)
2.6.17-edgy-security: ignored (EOL)
2.6.20-feisty-security: released (2.6.20-17.36)
2.6.22-gutsy-security: released (2.6.22-15.54)
2.6.24-hardy-security: released (2.6.24-19.34)