blob: 28fc5ce6970f6ff06215a193e60677ca5b300f1b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Candidate: CVE-2009-3234
Description:
"If we pass a big size data over perf_counter_open() syscall, the kernel
will copy this data to a small buffer, it will cause kernel crash."
References:
http://www.openwall.com/lists/oss-security/2009/09/16/1
Ubuntu-Description:
Notes:
kernel/perf_counter.c was introduced in commit 0793a61d (v2.6.31-rc1)
brad spengler has working exploit code for this one, so high-urgency
Bugs:
upstream: released (2.6.31.1) [986ddf533c1dd6852196182084aefe1ca9eda34e], pending (2.6.32-rc2) [b3e62e3]
linux-2.6: released (2.6.31-1)
2.6.18-etch-security: N/A "vulnerable code not present"
2.6.24-etch-security: N/A "vulnerable code not present"
2.6.26-lenny-security: N/A "vulnerable code not present"
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security:
|