234812 CVE-2008-3534 2008-08-15 12:47 0000 Linux <2.6.26.1 tmpfs: fix kernel BUG in shmem_delete_inode (CVE-2008-3534) 2009-07-20 22:46:49 0000 1 1 1 Unclassified Gentoo Security Kernel unspecified All Linux ASSIGNED http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=14fcc23fdc78e9d32372553ccf21758a9bd56fa1 [linux <2.6.25.14] [linux >=2.6.26 <2.6.26.1] P2 normal --- 1 rbu@gentoo.org security@gentoo.org kernel@gentoo.org rbu@gentoo.org 2008-08-15 12:47:43 0000 CVE-2008-3534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534): The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count. rbu@gentoo.org 2008-08-15 12:49:45 0000 Fixed in 2.6.25.14 and 2.6.26.1 kerframil@gmail.com 2009-07-20 22:46:49 0000 Beware, the patch introduced an independent bug which was subsequently fixed in 2.6.25.17 and 2.6.26.4 respectively: "fbdefio: add set_page_dirty handler to deferred IO FB" http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d847471d063663b9f36927d265c66a270c0cfaab Anyhow, hardened-kernel unaffected at present time. Removing alias. PS: genpatches-2.6.25-10 added 2.6.25.14. genpatches-2.6.25-3 added 2.6.26.1.