Bug 220979 (CVE-2008-1615) - Linux ptrace crash (CVE-2008-1615)
Summary: Linux ptrace crash (CVE-2008-1615)
Alias: CVE-2008-1615
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
: High normal
Assignee: Gentoo Security
Whiteboard: [linux >2.6.4 <2.6.25]
Reported: 2008-05-08 18:16 UTC by Robert Buchholz (RETIRED)
Modified: 2013-09-05 03:02 UTC

linux-2.6.9-fix-unprivileged-crash-on-x86_64-cs-corruption.patch (225 bytes, patch)
2008-05-08 19:37 UTC, Robert Buchholz (RETIRED)

Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-08 18:16:19 UTC
CVE-2008-1615:
  Linux kernel 2.6.18, and possibly other versions, when running on AMD64
  architectures, allows local users to cause a denial of service (crash) via
  certain ptrace calls.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-05-08 19:36:18 UTC
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-05-08 19:37:05 UTC
Created attachment 152509

Extracted from kernel-2.6.9-67.0.15.EL.src.rpm
Comment 3 Gordon Malm (RETIRED) gentoo-dev 2008-05-10 00:09:02 UTC
Other kernels are affected.  Looks like 2.6.4->2.6.24

More info:
Comment 5 Daniel Drake (RETIRED) gentoo-dev 2008-05-10 16:23:56 UTC
not sure how to fix this in 2.6.24... the patch linked here is for older kernels only, and I can't find any explanation of how this was fixed in 2.6.25
Comment 6 Daniel Drake (RETIRED) gentoo-dev 2008-05-10 19:34:44 UTC
the patch can be ported to 2.6.24 quite easily (as Gordon has done) but it doesn't match what has been done upstream.

I think the upstream fix is this one:;a=commitdiff_plain;h=a31f8dd7ee3b2f5645c220406b1e21f82971f32b

It applies cleanly to 2.6.24.
If someone wants to confirm that it makes the bug go away, I'll put it in genpatches.
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2008-05-10 19:37:54 UTC
actually that's not it, I'm back to being not sure how upstream fixed it