blob: 15e09d0593f1169eb9d86c321cb4de521e4a0593 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2007-6694
Description:
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21
through 2.6.18-53, when running on PowerPC, might allow local users
to cause a denial of service (crash) via unknown vectors that cause
the of_get_property function to fail, which triggers a NULL pointer
dereference.
References:
http://marc.info/?l=linux-kernel&m=119576191029571&w=2
Ubuntu-Description:
It was discovered that PowerPC kernels did not correctly handle reporting
certain system details. By requesting a specific set of information,
a local attacker could cause a system crash resulting in a denial
of service.
Notes:
jmm> This appears more of a regular bug with a specific piece of hw
jmm> than a security problem. Do we support the chrp POWER platform?
Bugs:
upstream:
linux-2.6:
2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch]
2.6.8-sarge-security: released (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch]
2.4.27-sarge-security: released (2.4.27-10sarge6) [265_powerpc-chrp-null-deref.diff]
2.6.15-dapper-security: released (2.6.15-52.67)
2.6.17-edgy-security: ignored (EOL)
2.6.20-feisty-security: released (2.6.20-17.36)
2.6.22-gutsy-security: released (2.6.22-15.54)
2.6.24-hardy-security: released (2.6.24-19.34)
|