CVE-2008-2372

Priority
Low
Description
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to
cause a denial of service (memory consumption) via a large number of calls
to the get_user_pages function, which lacks a ZERO_PAGE optimization and
results in allocation of "useless newly zeroed pages."
Ubuntu-Description
It was discovered that the disabling of the ZERO_PAGE optimization could
lead to large memory consumption. A local attacker could exploit this
to allocate all available memory, leading to a denial of service.
References
Notes
kees> is this even security-relevant?
kees> linux-2.6: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
kees> and also: 672ca28e300c17bf8d792a2a7a8631193e580c74 (vmware breakage)
kees> this is being fixed via -proposed -20 abi (which will likely be -22 in the end)
Assigned-to
smb_tp
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):released (2.6.24-21.43)

Updated: 2012-06-01 15:18:50 UTC (commit 5347)