kernel: several vulnerabilities [LWN.net]

Package(s):

kernel

CVE #(s):

CVE-2008-2931 CVE-2008-3272 CVE-2008-3275

Created:

August 26, 2008

Updated:

January 5, 2009

Description:

From the Ubuntu advisory:

The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931)

Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272)

Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275)

Alerts:

Ubuntu	USN-637-1	2008-08-25
SuSE	SUSE-SA:2008:044	2008-09-11
Debian	DSA-1636-1	2008-09-11
Red Hat	RHSA-2008:0885-01	2008-09-24
CentOS	CESA-2008:0885	2008-09-25
SuSE	SUSE-SA:2008:047	2008-10-01
SuSE	SUSE-SA:2008:048	2008-10-01
SuSE	SUSE-SA:2008:049	2008-10-02
Red Hat	RHSA-2008:0857-02	2008-10-07
SuSE	SUSE-SA:2008:052	2008-10-21
Mandriva	MDVSA-2008:220	2008-10-29
SuSE	SUSE-SR:2008:025	2008-11-14
Red Hat	RHSA-2008:0972-01	2008-11-19
CentOS	CESA-2008:0972	2008-11-20
Mandriva	MDVSA-2008:220-1	2008-11-19
Red Hat	RHSA-2008:0973-03	2008-12-16
CentOS	CESA-2008:0973	2008-12-17
Red Hat	RHSA-2008:0787-01	2009-01-05

(Log in to post comments)