LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

The 2008 Linux and free software timeline

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

kernel: denial of service vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-4133 CVE-2007-5093
Created:January 12, 2008 Updated:November 20, 2008
Description: The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.

The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 relies on user space to close the device, which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.

Alerts:
CentOS CESA-2008:0275 2008-05-21
Mandriva MDVSA-2008:105 2007-05-21
Red Hat RHSA-2008:0275-01 2008-05-20
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Ubuntu USN-578-1 2008-02-14
Ubuntu USN-574-1 2008-02-04
Mandriva MDVSA-2008:008 2008-01-11
Red Hat RHSA-2008:0972-01 2008-11-19
CentOS CESA-2008:0972 2008-11-20
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds