Bug#532722: linux-2.6: CVE-2009-1914 local dos in /proc/iomem on sparc

To: submit@bugs.debian.org
Subject: Bug#532722: linux-2.6: CVE-2009-1914 local dos in /proc/iomem on sparc
From: Michael S Gilbert <michael.s.gilbert@gmail.com>
Date: Wed, 10 Jun 2009 18:47:33 -0400
Message-id: <[🔎] 8e2a98be0906101547j3a370c1w5205c3a691d12277@mail.gmail.com>
Reply-to: Michael S Gilbert <michael.s.gilbert@gmail.com>, 532722@bugs.debian.org

Package: linux-2.6
Version: FILLINAFFECTEDVERSION
Severity: important
Tags: security , patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2009-1914[0]:
| The pci_register_iommu_region function in
| arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on
| the sparc64 platform allows local users to cause a denial of service
| (system crash) by reading the /proc/iomem file, related to
| uninitialized pointers and the request_resource function.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Patches available [1].

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1914
    http://security-tracker.debian.net/tracker/CVE-2009-1914
[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c

Reply to:

Prev by Date: Bug#532721: linux-2.6: CVE-2009-1385 dos in e1000 driver
Next by Date: Bug#532376: this is CVE-2009-1389
Previous by thread: Bug#532721: linux-2.6: CVE-2009-1385 dos in e1000 driver
Next by thread: Bug#532376: this is CVE-2009-1389
Index(es):
- Date
- Thread