[kernel-sec-discuss] r1072 - active
jmm at alioth.debian.org
jmm at alioth.debian.org
Sun Dec 23 12:39:21 UTC 2007
Author: jmm
Date: 2007-12-23 12:39:21 +0000 (Sun, 23 Dec 2007)
New Revision: 1072
Modified:
active/CVE-2007-6417
active/CVE-2007-6434
Log:
fill in details
Modified: active/CVE-2007-6417
===================================================================
--- active/CVE-2007-6417 2007-12-23 12:31:57 UTC (rev 1071)
+++ active/CVE-2007-6417 2007-12-23 12:39:21 UTC (rev 1072)
@@ -1,7 +1,13 @@
Candidate: CVE-2007-6417
Description:
+ The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does
+ not properly clear allocated memory in some rare circumstances, which might allow
+ local users to read sensitive kernel data or cause a denial of service (crash).
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e84e2e132c9c66d8498e7710d4ea532d1feaaac5
+ http://marc.info/?l=linux-kernel&m=119627664702379&w=2
+ http://marc.info/?l=linux-kernel&m=119743651829347&w=2
+ http://marc.info/?l=linux-kernel&m=119769771026243&w=2
Ubuntu-Description:
Notes:
dannf> Commit log suggests this was a regression introduced in 2.6.11
Modified: active/CVE-2007-6434
===================================================================
--- active/CVE-2007-6434 2007-12-23 12:31:57 UTC (rev 1071)
+++ active/CVE-2007-6434 2007-12-23 12:39:21 UTC (rev 1072)
@@ -1,6 +1,10 @@
Candidate: CVE-2007-6434
Description:
+ Linux kernel 2.6.23 allows local users to create low pages in virtual userspace
+ memory and bypass mmap_min_addr protection via a crafted executable file that calls
+ the do_brk function.
References:
+ http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5
Ubuntu-Description:
Notes:
Bugs:
More information about the kernel-sec-discuss
mailing list