230581 – (CVE-2008-2372) Linux <2.6.25.9 get_user_pages() ZERO_PAGE DoS (CVE-2008-2372)

Bug 230581 (CVE-2008-2372) - Linux <2.6.25.9 get_user_pages() ZERO_PAGE DoS (CVE-2008-2372)

Summary: Linux <2.6.25.9 get_user_pages() ZERO_PAGE DoS (CVE-2008-2372)

Status:	RESOLVED FIXED

Alias:	CVE-2008-2372

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux <2.6.25.9]
Keywords:

Depends on:
Blocks:

Reported:	2008-07-02 23:29 UTC by Robert Buchholz (RETIRED)
Modified:	2013-09-05 03:02 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-07-02 23:29:50 UTC

CVE-2008-2372 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2372):
  The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to
  cause a denial of service (memory consumption) via a large number of calls to
  the get_user_pages function, which lacks a ZERO_PAGE optimization and results
  in allocation of "useless newly zeroed pages."

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-07-02 23:32:55 UTC

See also: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2372

Comment 2 kfm 2008-10-13 17:01:45 UTC

Note: >=genpatches-2.6.25-7 is unaffected. Removing hardened as there are no vulnerable versions of hardened-sources in portage.