Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 212137 (CVE-2008-0007)

Summary: Linux < 2.6.22.17 vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel, n0idx80
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux < 2.6.22.17][linux >= 2.6.23 < 2.6.23.15][linux >= 2.6.24 < 2.6.24.1][gp < 2.6.23-8][gp >= 2.6.24-1 < 2.6.24-2]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-03 01:16:31 UTC
CVE-2008-0007 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0007):
  Linux kernel before 2.6.22.17, when using certain drivers that register a
  fault handler that does not perform range checks, allows local users to
  access kernel memory via an out-of-range offset.
Comment 1 unnamedrambler 2008-03-21 18:35:10 UTC
[linux < 2.6.22.17] 83af8eda68a3f0c227d0eb05348e58ae27a62e7e
[linux >= 2.6.23 < 2.6.23.15] d4dd8e3a7287146e479c77e0456eaa315875972a
[linux >= 2.6.24 < 2.6.24.1] f5871b9016c0ebce8acc58f7a230adcb9bd89577

[gp < 2.6.23-8]
[gp >= 2.6.24-1 < 2.6.24-2] 
Comment 2 Michael Harrison 2012-01-31 10:34:29 UTC
*** Bug 385889 has been marked as a duplicate of this bug. ***
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-06-06 11:04:06 UTC
None of these kernels have been in the tree for many years.