blob: 43781d587384535f127b176af668203b0ce63916
Candidate: CVE-2011-1747
Description:
> Another problem in agp code is not addressed in the patch - kernel
> memory exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls). It is not
> checked whether requested pid is a pid of the caller (no check in
> agpioc_reserve_wrap()).
> Each allocation is limited to 16KB, though there is no per-process
> limit. This might lead to OOM situation, which is not even solved in case of
> the caller death by OOM killer - the memory is allocated for another
> (faked) process.
References:
Notes:
jmm> This can only be triggered by root-equivalent privileges
Bugs:
upstream: needed "no upstream fix as of 2011.08.08"
2.6.32-upstream-stable: needed "no upstream fix as of 2011.06.20"
sid: needed "no upstream fix as of 2011.06.20"
2.6.26-lenny-security: needed "no upstream fix as of 2011.06.20"
2.6.32-squeeze-security: needed "no upstream fix as of 2011.06.20"
3.2-upstream-stable: needed "no upstream fix as of 2011.06.20"