Your submission was sent successfully! Close

CVE-2008-1615

Published: 08 May 2008

Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.

From the Ubuntu security team

Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when running under 64bit kernels. A local attacker could exploit this to crash the system, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.25~rc1)
Patches:
Diff: http://marc.info/?l=linux-kernel&m=120219781932243
upstream: a57dae3aa4d00a000b5bac4238025438204c78b2 (with more in 3701d863?)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.25~rc1)
linux-source-2.6.20
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.25~rc1)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.25~rc1)
Patches:
Vendor: http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-cs-corruption.patch?op=file&rev=0&sc=0

Notes

AuthorNote
kees
reproducer mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=431430
this is _only_ the CS corruption, so we can ignore the upstream fix

References