Date: Wed, 17 Mar 2010 09:01:19 +0800 From: Eugene Teo <eugeneteo@...nel.sg> To: oss-security@...ts.openwall.com CC: coley@...us.mitre.org Subject: CVE-2009-4271 kernel: 32bit process on 64bit system DoS STMicroelectronics reported a flaw in the Linux kernel, versions 2.6.9 to 2.6.17, when running on x86_64, where a user could use a regular 32bit process to trigger a kernel panic, without any special privileges. The bug occurs when a 32bit user process triggers a segfault (i.e. de-reference a null-pointer) after having performed a mprotect() to restrict any rwx access on its VDSO page. This only affects Red Hat Enterprise Linux 4. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4271 Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ