Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 440790 (CVE-2012-3511)

Summary: Kernel : "madvise_remove()" Use-After-Free Vulnerability (CVE-2012-3511)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-11-01 17:16:25 UTC
From :

A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users 
to cause a DoS (Denial of Service).

The vulnerability is caused due to a use-after-free error in the "madvise_remove()" function and 
can be exploited to dereference already freed memory.

Update to version 3.0.37, 3.2.23, 3.4.5, or apply fix in the GIT repository for version 2.6.x.

Provided and/or discovered by
Andy Lutomirski

Original Advisory;a=commitdiff;h=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb

Red Hat:
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:19:57 UTC
There are no longer any 2.x or <3.4.5 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.