[kernel-sec-discuss] r706 - active
Dann Frazier
dannf at alioth.debian.org
Sat Feb 10 22:43:28 CET 2007
Author: dannf
Date: 2007-02-10 22:43:28 +0100 (Sat, 10 Feb 2007)
New Revision: 706
Added:
active/CVE-2007-0006
Log:
new issue
Copied: active/CVE-2007-0006 (from rev 703, active/00boilerplate)
===================================================================
--- active/00boilerplate 2007-02-10 20:36:33 UTC (rev 703)
+++ active/CVE-2007-0006 2007-02-10 21:43:28 UTC (rev 706)
@@ -0,0 +1,20 @@
+Candidate: CVE-2007-0006
+References:
+ http://bugzilla.kernel.org/show_bug.cgi?id=7727
+ http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9ad0830f307bcd8dc285cfae58998d43b21727f4
+Description:
+ The key serial number collision avoidance code in the key_alloc_serial
+ function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a
+ denial of service (crash) via vectors that trigger a null dereference, as
+ originally reported as "spinlock CPU recursion."
+Ubuntu-Description:
+Notes:
+Bugs: 398470
+upstream:
+linux-2.6:
+2.6.18-etch-security:
+2.6.8-sarge-security: N/A
+2.4.27-sarge-security: N/A
+2.6.12-breezy-security:
+2.6.15-dapper-security:
+2.6.17-edgy-security:
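Review bot: the status fields at the end of the hunk (upstream:, linux-2.6:, 2.6.18-etch-security: and the breezy, dapper and edgy entries) are left blank, although the Description gives the affected range as 2.6.9 up to 2.6.20, which covers 2.6.12, 2.6.15, 2.6.17 and 2.6.18. References already lists the upstream commit 9ad0830f307bcd8dc285cfae58998d43b21727f4, so record it against upstream: and give each in-range tree an explicit status, so that an empty field cannot be mistaken for "not affected". The two N/A entries (2.6.8-sarge-security, 2.4.27-sarge-security) agree with the Description's lower bound of 2.6.9; a short Notes: line saying that is the reason would document the decision. "Bugs: 398470" is a bare number, and naming the tracker it belongs to would make it unambiguous next to the bugzilla.kernel.org id in References.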