CVE-2009-0605
Published: 17 February 2009
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe.
From the Ubuntu Security Team
The page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered.
Notes
Author | Note |
---|---|
jdsstrand | needs CONFIG_KPROBES set. Ubuntu 7.10 and after have this set. |
Priority
Status
Package | Release | Status |
---|---|---|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Not vulnerable
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
gutsy |
Released
(2.6.22-16.62)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(2.6.24-23.52)
|
|
intrepid |
Released
(2.6.27-11.31)
|