CVE-2010-4346

Priority
Low
Description
The install_special_mapping function in mm/mmap.c in the Linux kernel
before 2.6.37-rc6 does not make an expected security_file_mmap function
call, which allows local users to bypass intended mmap_min_addr
restrictions and possibly conduct NULL pointer dereference attacks via a
crafted assembly-language application.
Ubuntu-Description
Tavis Ormandy discovered that the install_special_mapping function could
bypass the mmap_min_addr restriction. A local attacker could exploit this
to mmap 4096 bytes below the mmap_min_addr area, possibly improving the
chances of performing NULL pointer dereference attacks.
References
Notes
 kees> Ubuntu mmap_min_addr default is 64k, so this isn't very interesting in our case
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.37~rc6)
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=462e635e5b73ba9a4c03913b77138cd57ce4b050
Package
Upstream:released (2.6.37~rc6)
Package
Upstream:released (2.6.37~rc6)
More Information

Updated: 2018-06-26 04:38:41 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)