kernel: multiple vulnerabilities

A race condition was discovered in the handling of shared memory mappings with CLONE_VM. A local attacker could exploit this to cause a deadlock (Denial of Service) by triggering a core dump while waiting for a thread which had just performed an exec() system call. (CAN-2005-3106)

A race condition was found in the handling of traced processes. When one thread was tracing another thread that shared the same memory map, a local attacker could trigger a deadlock (Denial of Service) by forcing a core dump when the traced thread was in the TASK_TRACED state. (CAN-2005-3107)

A vulnerability has been found in the "ioremap" module. By performing certain IO mapping operations, a local attacker could either read memory pages he has not normally access to (information leak) or cause a kernel crash (Denial of Service). This only affects the amd64 platform. (CAN-2005-3108)

The HFS and HFS+ file system drivers did not properly verify that the file system that was attempted to be mounted really was HFS/HFS+. On machines which allow users to mount arbitrary removable devices as HFS or HFS+ with an /etc/fstab entry, this could be exploited to trigger a kernel crash. (CAN-2005-3109)

Steve Herrel discovered a race condition in the "ebtables" netfilter module. A remote attacker could exploit this by sending specially crafted packets that caused a value to be modified after it had been read but before it had been locked. This eventually lead to a kernel crash. This only affects multiprocessor machines (SMP). (CAN-2005-3110)