Bug#330353: linux-2.6: Two more local DoS vulnerabilities
retitle 330353 kernel-source-2.6.8: CAN-2005-3053
reassign 330353 kernel-source-2.6.8
tags 330353 + sarge
On Tue, 2005-09-27 at 19:37 +0200, Moritz Muehlenhoff wrote:
> Package: linux-2.6
> Severity: important
> Tags: security
> Two more local denial-of-service vulnerabilities have been
> found in the Linux 2.6 kernel:
> Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service
> (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a
> USB device and terminates before the URB is finished, which leads to a stale
> pointer reference.
This one is already covered by #330287, so let's track it there. In
general, its easier to deal with one issue per bug report.
> The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local
> users to cause a denial of service (kernel BUG()) via a negative first argument.
I've included this patch in our sarge and sarge-security branches of
2.6.8. This patch is part of the patch-18.104.22.168 patch, which was
included as part of linux-2.6 (2.6.12-3). This patch was already
included in the upstream release of 2.6.13.