PublicDate: 2008-05-29 16:32:00 UTC
Candidate: CVE-2008-2137
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2137
 https://ubuntu.com/security/notices/USN-625-1
Description:
 The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the
 (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the
 Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some
 virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not
 set, which allows local users to cause a denial of service (panic) via
 unspecified mmap calls.
Ubuntu-Description:
 David Miller and Jan Lieskovsky discovered that the Sparc kernel did
 not correctly range-check memory regions allocated with mmap.  A local
 attacker could exploit this to crash the system, leading to a denial
 of service.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.26~rc2)
dapper_linux-source-2.6.15: released (2.6.15-52.69)
feisty_linux-source-2.6.15: DNE
gutsy_linux-source-2.6.15: DNE
hardy_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux-source-2.6.20:
upstream_linux-source-2.6.20: released (2.6.26~rc2)
dapper_linux-source-2.6.20: DNE
feisty_linux-source-2.6.20: released (2.6.20-17.37)
gutsy_linux-source-2.6.20: DNE
hardy_linux-source-2.6.20: DNE
devel_linux-source-2.6.20: DNE

Patches_linux-source-2.6.22:
upstream_linux-source-2.6.22: released (2.6.26~rc2)
dapper_linux-source-2.6.22: DNE
feisty_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: released (2.6.22-15.56)
hardy_linux-source-2.6.22: DNE
devel_linux-source-2.6.22: DNE

Patches_linux:
 upstream: 5816339310b2d9623cf413d33e538b45e815da5d
upstream_linux: released (2.6.26~rc2)
dapper_linux: DNE
feisty_linux: DNE
gutsy_linux: DNE
hardy_linux: released (2.6.24-19.36)
devel_linux: not-affected