Bug#330353: linux-2.6: Two more local DoS vulnerabilities

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#330353: linux-2.6: Two more local DoS vulnerabilities
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 27 Sep 2005 19:37:33 +0200
Message-id: <[🔎] E1EKJOX-0001co-GF@localhost.localdomain>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 330353@bugs.debian.org

Package: linux-2.6
Severity: important
Tags: security

Two more local denial-of-service vulnerabilities have been
found in the Linux 2.6 kernel:

CAN-2005-3055:
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service
(kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a
USB device and terminates before the URB is finished, which leads to a stale
pointer reference.

http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883

Linus refused the above patch on technical grounds, there was a short folloup-
thread on linux-kernel.

CAN-2005-3053:
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local
users to cause a denial of service (kernel BUG()) via a negative first argument.

http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Reply to:

Follow-Ups:
- Bug#330353: linux-2.6: Two more local DoS vulnerabilities
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Re: Removing 2.6.8 from the archive, is it time?
Next by Date: Re: Should we drop non-SMP ia64 kernel images?
Previous by thread: Bug#330329: marked as done (linux-2.6: 2.6.12-10 FTBFS on sparc)
Next by thread: Bug#330353: linux-2.6: Two more local DoS vulnerabilities
Index(es):
- Date
- Thread