Your submission was sent successfully! Close

CVE-2008-5300

Published: 1 December 2008

Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.

From the Ubuntu security team

Dann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. A local attacker could exploit this to force the system to run out of free memory, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (2.6.24-23.48)
intrepid
Released (2.6.27-11.27)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-53.75)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (2.6.22-16.61)
hardy Does not exist

intrepid Does not exist

upstream Needs triage