Your submission was sent successfully! Close

CVE-2009-0605

Published: 17 February 2009

Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registered Kprobes probe.

From the Ubuntu security team

The page fault handler could consume stack memory. A local attacker could exploit this to crash the system or gain root privileges with a Kprobe registered.

Notes

AuthorNote
jdsstrand
needs CONFIG_KPROBES set. Ubuntu 7.10 and after have this set.
Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (2.6.24-23.52)
intrepid
Released (2.6.27-11.31)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (2.6.22-16.62)
hardy Does not exist

intrepid Does not exist

upstream Needs triage