CVE-2008-5029

Published: 10 November 2008

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

From the Ubuntu security team

It was discovered that the Unix Socket handler did not correctly process the SCM_RIGHTS message. A local attacker could make a malicious socket request that would crash the system, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.28~rc4)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by f8d570a4745835f2238a33b537218a1bb03fc671
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.28~rc4)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.28~rc4)