CVE-2010-4346 (retired)

Priority
Description
The install_special_mapping function in mm/mmap.c in the Linux kernel
before 2.6.37-rc6 does not make an expected security_file_mmap function
call, which allows local users to bypass intended mmap_min_addr
restrictions and possibly conduct NULL pointer dereference attacks via a
crafted assembly-language application.
Ubuntu-Description
Tavis Ormandy discovered that the install_special_mapping function could
bypass the mmap_min_addr restriction. A local attacker could exploit this
to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
chances of performing NULL pointer dereference attacks.
Notes
 kees> Ubuntu mmap_min_addr default is 64k, so this isn't very interesting in our case
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
More Information

Updated: 2019-03-26 11:54:06 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)