Bug#640650: linux-image-2.6.32-5-openvz-amd64: kernel NULL pointer dereference

["Luke-Jr" <luke@dashjr.org>]

On Tuesday, September 06, 2011 12:20:17 PM Ben Hutchings wrote:
> On Tue, Sep 06, 2011 at 11:06:24AM -0400, Luke-Jr wrote:
> > On Tuesday, September 06, 2011 9:41:05 AM Ben Hutchings wrote:
> > > I understand this and found a patch that should fix it.
> > 
> > Is this a security vulnerability, or am I safe to assume my system was
> > not exploited at least through this issue?
> 
> It appears to be a denial-of-service vulnerability.  A container can
> trigger it by using most of its memory quota and then requesting a new
> pty.

I am the only root on all the containers.

> I don't believe it allows privilege escalation unless you reduce
> vm.mmap_min_addr (or unless a container can do that).

Containers cannot.