CVE-2008-0009
Publication date 12 February 2008
Last updated 24 July 2024
Ubuntu priority
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | 7.10 gutsy | Not in release |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
linux-source-2.6.15 | 7.10 gutsy | Not in release |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper |
Not affected
|
|
linux-source-2.6.17 | 7.10 gutsy | Not in release |
7.04 feisty | Not in release | |
6.10 edgy |
Not affected
|
|
6.06 LTS dapper | Not in release | |
linux-source-2.6.20 | 7.10 gutsy | Not in release |
7.04 feisty |
Not affected
|
|
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
linux-source-2.6.22 | 7.10 gutsy |
Not affected
|
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release |
Notes
jdstrand
dapper-gutsy not affected. Only 2.6.23 - 2.6.24. See: http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt local root exploit on hardy (exploit code doesn’t exist yet) amitk will upload 2.6.24.2 for hardy soon