325579 – (CVE-2010-1488) Kernel: proc_oom_score() DOS (CVE-2010-1488)

Bug 325579 (CVE-2010-1488) - Kernel: proc_oom_score() DOS (CVE-2010-1488)

Summary: Kernel: proc_oom_score() DOS (CVE-2010-1488)

Status:	RESOLVED FIXED

Alias:	CVE-2010-1488

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	[ linux < 2.6.34-rc4 ]
Keywords:

Depends on:
Blocks:

Reported:	2010-06-25 20:07 UTC by Stefan Behte (RETIRED)
Modified:	2013-09-15 19:39 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-06-25 20:07:26 UTC

CVE-2010-1488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1488):
  The proc_oom_score function in fs/proc/base.c in the Linux kernel
  before 2.6.34-rc4 uses inappropriate data structures during selection
  of a candidate for the OOM killer, which might allow local users to
  cause a denial of service via unspecified patterns of task creation.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-06-25 21:36:53 UTC

CVE-2010-1457 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1457):
  Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local
  users to read arbitrary files via a (1) -c or (2) -a option, which
  prints file contents in an error message.

Comment 2 Anthony Basile gentoo-dev

2010-06-26 01:05:58 UTC

Of the hardened sources currently in the tree, none of the hardened-sources-2.6.32* are vulnerable.

I'm confused by your comment #1.  I don't see how its related to the kernel.

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2010-06-26 13:14:05 UTC

(In reply to comment #2)
> I'm confused by your comment #1.  I don't see how its related to the kernel.

Wrong bug, should have been bug 325577. Thanks!