Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 440790 (CVE-2012-3511) - Kernel : "madvise_remove()" Use-After-Free Vulnerability (CVE-2012-3511)
Summary: Kernel : "madvise_remove()" Use-After-Free Vulnerability (CVE-2012-3511)
Status: RESOLVED OBSOLETE
Alias: CVE-2012-3511
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-01 17:16 UTC by Agostino Sarubbo
Modified: 2018-04-04 18:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-11-01 17:16:25 UTC 
From https://secunia.com/advisories/50310/ :

Description
A vulnerability has been reported in Linux Kernel, which can be exploited by malicious, local users 
to cause a DoS (Denial of Service).

The vulnerability is caused due to a use-after-free error in the "madvise_remove()" function and 
can be exploited to dereference already freed memory.


Solution
Update to version 3.0.37, 3.2.23, 3.4.5, or apply fix in the GIT repository for version 2.6.x.

Provided and/or discovered by
Andy Lutomirski

Original Advisory
Kernel.org:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.37
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.23
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5

Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=849734
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:19:57 UTC 
There are no longer any 2.x or <3.4.5 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.