CVE-2008-5395
Published: 9 December 2008
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.
From the Ubuntu Security Team
Helge Deller discovered that PA-RISC stack unwinding was not handled correctly. A local attacker could exploit this to crash the system, leading do a denial of service. This did not affect official Ubuntu kernels, but was fixed in the source for anyone performing HPPA kernel builds.
Notes
Author | Note |
---|---|
smb | The call do dump_stack was not added before v2.6.25-rc6. So the resulting panic will not happen. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
|
|
intrepid |
Released
(2.6.27-11.27)
|
|
upstream |
Released
(2.6.28-rc7)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Not vulnerable
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Not vulnerable
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Not vulnerable
|