CVE-2008-0600

Published: 12 February 2008

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Priority

High

Status

Package                                          Release   Status
linux (Launchpad, Ubuntu, Debian)                Upstream  Released (2.6.24.2)
linux-source-2.6.15 (Launchpad, Ubuntu, Debian)  Upstream  Not vulnerable
linux-source-2.6.17 (Launchpad, Ubuntu, Debian)  Upstream  Needed
linux-source-2.6.20 (Launchpad, Ubuntu, Debian)  Upstream  Needed
linux-source-2.6.22 (Launchpad, Ubuntu, Debian)  Upstream  Needed

Notes

Author    Note
jdstrand  dapper not affected. Only 2.6.17. See vulnerability #1:
          http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt
          local root exploit (exploit code exists)
          amitk will upload 2.6.24.2 for hardy soon
