| A Denial of Service vulnerability was discovered in the
sys_set_mempolicy() function. By calling the function with a negative
first argument, a local attacker could cause a kernel crash.
(CAN-2005-3053)
A race condition was discovered in the handling of shared memory
mappings with CLONE_VM. A local attacker could exploit this to cause a
deadlock (Denial of Service) by triggering a core dump while waiting
for a thread which had just performed an exec() system call.
(CAN-2005-3106)
A race condition was found in the handling of traced processes. When
one thread was tracing another thread that shared the same memory map,
a local attacker could trigger a deadlock (Denial of Service) by
forcing a core dump when the traced thread was in the TASK_TRACED
state. (CAN-2005-3107)
A vulnerability has been found in the "ioremap" module. By performing
certain IO mapping operations, a local attacker could either read
memory pages he has not normally access to (information leak) or cause
a kernel crash (Denial of Service). This only affects the amd64
platform. (CAN-2005-3108)
The HFS and HFS+ file system drivers did not properly verify that the
file system that was attempted to be mounted really was HFS/HFS+. On
machines which allow users to mount arbitrary removable devices as HFS
or HFS+ with an /etc/fstab entry, this could be exploited to trigger a
kernel crash. (CAN-2005-3109)
Steve Herrel discovered a race condition in the "ebtables" netfilter
module. A remote attacker could exploit this by sending specially
crafted packets that caused a value to be modified after it had
been read but before it had been locked. This eventually lead to a
kernel crash. This only affects multiprocessor machines (SMP).
(CAN-2005-3110)
| 