| Summary: | sys/kernel Linux Kernel __SetLease Local Denial of Service Vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Dax <gentoomail> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | security-kernel |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.securityfocus.com/bid/18033/info | ||
| Whiteboard: | [2.6 < 2.6.16.16] | ||
| Package list: | Runtime testing required: | --- | |
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the '__setlease' function.
This vulnerability allows local users to leak kernel memory, potentially resulting in a kernel panic, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.16.
#########
Linux 2.6.16.16
commit 1f0e637c94a9b041833947c79110d6c02fff8618
Author: Trond Myklebust <Trond.Myklebust@netapp.com>
Date: Sun May 7 23:02:42 2006 -0400
[PATCH] fs/locks.c: Fix lease_init (CVE-2006-1860)
It is insane to be giving lease_init() the task of freeing the lock it is
supposed to initialise, given that the lock is not guaranteed to be
allocated on the stack. This causes lockups in fcntl_setlease().
Problem diagnosed by Daniel Hokka Zakrisson <daniel@hozac.com>
Also fix a slab leak in __setlease() due to an uninitialised return value.
Problem diagnosed by Björn Steinbrink.