User: Password:
|
|
Subscribe / Log in / New account

2.6.32.9 Release notes

2.6.32.9 Release notes

Posted Feb 21, 2010 19:11 UTC (Sun) by nelhage (subscriber, #59579)
Parent article: 2.6.32.9 Release notes

I'm curious why you marked '#1 Fix potential crash with sys_move_pages.' as
non-security. I am not aware of any path to privilege escalation from this
bug, but it's definitely a denial of service, and an impressively effective
information leak attack (as demonstrated by spender's published exploit
code). It's been assigned CVE-2010-0415 in light of this.


(Log in to post comments)

#1

Posted Feb 21, 2010 19:14 UTC (Sun) by corbet (editor, #1) [Link]

Because I blew it, apparently. I couldn't see any sort of reliable way to trigger it, so it just looked like a crash. Obviously, I was unaware of the exploit or the CVE number. Clearly, it's a security problem.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds