kernel: several vulnerabilities [LWN.net]

Package(s):

kernel

CVE #(s):

CVE-2008-2931 CVE-2008-3272 CVE-2008-3275

Created:

August 26, 2008

Updated:

September 1, 2010

Description:

From the Ubuntu advisory:

The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931)

Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272)

Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275)

Alerts:

SUSE	SUSE-SA:2010:036	2010-09-01
Red Hat	RHSA-2008:0787-01	2009-01-05
CentOS	CESA-2009:0014	2009-01-15
CentOS	CESA-2008:0973	2008-12-17
Red Hat	RHSA-2008:0973-03	2008-12-16
Mandriva	MDVSA-2008:220-1	2008-11-19
CentOS	CESA-2008:0972	2008-11-20
Red Hat	RHSA-2008:0972-01	2008-11-19
SuSE	SUSE-SR:2008:025	2008-11-14
Red Hat	RHSA-2009:0001-01	2009-01-08
Mandriva	MDVSA-2008:220	2008-10-29
SuSE	SUSE-SA:2008:052	2008-10-21
Red Hat	RHSA-2008:0857-02	2008-10-07
SuSE	SUSE-SA:2008:049	2008-10-02
SuSE	SUSE-SA:2008:048	2008-10-01
SuSE	SUSE-SA:2008:047	2008-10-01
Red Hat	RHSA-2009:0014-01	2009-01-14
CentOS	CESA-2008:0885	2008-09-25
Red Hat	RHSA-2008:0885-01	2008-09-24
Debian	DSA-1636-1	2008-09-11
SuSE	SUSE-SA:2008:044	2008-09-11
Ubuntu	USN-637-1	2008-08-25

(Log in to post comments)