CVE-2008-1615
Published: 8 May 2008
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
From the Ubuntu Security Team
Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when running under 64bit kernels. A local attacker could exploit this to crash the system, leading to a denial of service.
Notes
Author | Note |
---|---|
kees | reproducer mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=431430 this is _only_ the CS corruption, so we can ignore the upstream fix |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(2.6.24-19.36)
|
|
upstream |
Released
(2.6.25~rc1)
|
|
Patches: diff: http://marc.info/?l=linux-kernel&m=120219781932243 |
||
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-52.69)
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Released
(2.6.25~rc1)
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Released
(2.6.20-17.37)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Released
(2.6.25~rc1)
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Released
(2.6.22-15.56)
|
|
hardy |
Does not exist
|
|
upstream |
Released
(2.6.25~rc1)
|
|
Patches: vendor: http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-cs-corruption.patch?op=file&rev=0&sc=0 |