Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 224635 (CVE-2008-2137)

Summary: Kernel: sparc/64_mmap_check DoS (CVE-2008-2137)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5816339310b2d9623cf413d33e538b45e815da5d
Whiteboard: [linux <2.6.25.3]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 17:02:24 UTC
CVE-2008-2137 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2137):
  The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the
  (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the
  Linux kernel before 2.6.25.3, omit some virtual-address range (aka span)
  checks when the mmap MAP_FIXED bit is not set, which allows local users to
  cause a denial of service (panic) via unspecified mmap calls.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-06-02 17:03:24 UTC
5816339310b2d9623cf413d33e538b45e815da5d
Comment 2 kfm 2009-07-20 18:47:53 UTC
hardened-kernel unaffected at present time. Removing alias.

PS: Anything using >=genpatches-2.6.25-4 is unaffected