CVE-2008-0600

Publication date 12 February 2008

Last updated 24 July 2024


Ubuntu priority

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
linux-source-2.6.15 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper
Not affected
linux-source-2.6.17 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy
Fixed 2.6.17.1-12.44
6.06 LTS dapper Not in release
linux-source-2.6.20 7.10 gutsy Not in release
7.04 feisty
Fixed 2.6.20-16.35
6.10 edgy Not in release
6.06 LTS dapper Not in release
linux-source-2.6.22 7.10 gutsy
Fixed 2.6.22-14.52
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release

Notes


jdstrand

dapper not affected. Only 2.6.17. See vulnerability #1: http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt local root exploit (exploit code exists) amitk will upload 2.6.24.2 for hardy soon

References

Related Ubuntu Security Notices (USN)

    • USN-577-1
    • Linux kernel vulnerability
    • 12 February 2008

Other references