r4487 - people/micah

Dann Frazier dannf at costa.debian.org
Sun Oct 16 22:04:41 UTC 2005


Author: dannf
Date: 2005-10-16 22:04:41 +0000 (Sun, 16 Oct 2005)
New Revision: 4487

Modified:
   people/micah/pending_CVE_requests
Log:
add a 2.4-only issue that I haven't seen a CVE ID for yet

Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests	2005-10-16 22:04:11 UTC (rev 4486)
+++ people/micah/pending_CVE_requests	2005-10-16 22:04:41 UTC (rev 4487)
@@ -159,3 +159,11 @@
 - Fix drm 'debug' sysfs permissions
 r4401, r4404, r4405, 4406, 4407 (193_plug-names_cache-memleak.diff)
 r4410, r4411, r4412, r4413, r4414, r4415, r4418
+
+Draft CVE Text:
+dannf> This is the only one in 2.4.27-10sarge1 I couldn't find a CAN for elsewhere...
+* 184_arch-x86_64-ia32-ptrace32-oops.diff
+URL: http://lkml.org/lkml/2005/1/5/245
+The find_target() routine in x86_64 Linux 2.4 kernels prior to 2.4.XX failed to properly handle the case where
+find_task_by_pid() returns NULL.  This is a potential DoS attack vector as it is possible for local users to
+cause the kernel to oops.
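Review bot: The draft text on the added find_target() line still reads "prior to 2.4.XX", so the affected version range is undefined. Replace the XX placeholder with the first fixed 2.4 release before this is sent as a CVE request, or mark it explicitly as still to be determined. The "dannf>" remark also sits directly under "Draft CVE Text:", where it reads as part of the draft. Moving it above that label would let the draft be copied verbatim. Unlike the entries in the context lines above, this entry lists the patch file name and an lkml URL but no revision numbers, so adding the revision that introduced 184_arch-x86_64-ia32-ptrace32-oops.diff would keep the file consistent.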



