CVE-2008-2372

Publication date 2 July 2008

Last updated 24 July 2024


Ubuntu priority

The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."

From the Ubuntu Security Team

It was discovered that the disabling of the ZERO_PAGE optimization could lead to large memory consumption. A local attacker could exploit this to allocate all available memory, leading to a denial of service.


Status

Package               Ubuntu Release     Status
linux                 8.04 LTS hardy     Fixed 2.6.24-21.43
                      7.10 gutsy         Not in release
                      7.04 feisty        Not in release
                      6.06 LTS dapper    Not in release
linux-source-2.6.15   8.04 LTS hardy     Not in release
                      7.10 gutsy         Not in release
                      7.04 feisty        Not in release
                      6.06 LTS dapper    Not affected
linux-source-2.6.20   8.04 LTS hardy     Not in release
                      7.10 gutsy         Not in release
                      7.04 feisty        Not affected
                      6.06 LTS dapper    Not in release
linux-source-2.6.22   8.04 LTS hardy     Not in release
                      7.10 gutsy         Not affected
                      7.04 feisty        Not in release
                      6.06 LTS dapper    Not in release

Notes


kees

is this even security-relevant?
linux-2.6: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
and also: 672ca28e300c17bf8d792a2a7a8631193e580c74 (vmware breakage)
this is being fixed via -proposed -20 abi (which will likely be -22 in the end)

References

Related Ubuntu Security Notices (USN)

    • USN-659-1: Linux kernel vulnerabilities, 27 October 2008
