[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#330353: linux-2.6: Two more local DoS vulnerabilities

retitle 330353 kernel-source-2.6.8: CAN-2005-3053
reassign 330353 kernel-source-2.6.8
tags 330353 + sarge
thanks

On Tue, 2005-09-27 at 19:37 +0200, Moritz Muehlenhoff wrote:
> Package: linux-2.6
> Severity: important
> Tags: security
> 
> Two more local denial-of-service vulnerabilities have been
> found in the Linux 2.6 kernel:
> 
> CAN-2005-3055:
> Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service
> (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a
> USB device and terminates before the URB is finished, which leads to a stale
> pointer reference.

Thanks Moritz.

This one is already covered by #330287, so let's track it there.  In
general, its easier to deal with one issue per bug report.

> CAN-2005-3053:
> The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local
> users to cause a denial of service (kernel BUG()) via a negative first argument.
> 
> http://linux.bkbits.net:8080/linux-2.6/cset@42eef8b09C5r6iI0LuMe5Uy3k05c5g

I've included this patch in our sarge and sarge-security branches of
2.6.8.  This patch is part of the patch-2.6.12.5 patch, which was
included as part of linux-2.6 (2.6.12-3).  This patch was already
included in the upstream release of 2.6.13.
Reply to: