CVE-2008-3534

Published: 08 August 2008

The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.

From the Ubuntu security team

It was discovered that the tmpfs implementation did not correctly handle certain sequences of inode operations. A local attacker could exploit this to crash the system, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.27~rc4)
Patches:
Introduced by 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
Fixed by d847471d063663b9f36927d265c66a270c0cfaab
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.27~rc4)
linux-source-2.6.20
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.27~rc4)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.27~rc4)