Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.9
CVE Id CVE-2008-2372
Last Modified 26 Nov 2012 10:46:48
Published 02 Jul 2008 12:41:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2372

Summary

The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.24

  • Linux Kernel 2.6.25

  • Linux Kernel 2.6.25.1

  • Linux Kernel 2.6.25.2

  • Linux Kernel 2.6.25.3

  • Linux Kernel 2.6.25.4

  • Linux Kernel 2.6.25.5

  • Linux Kernel 2.6.25.6

  • Linux Kernel 2.6.25.7

  • Linux Kernel 2.6.25.8


References

CONFIRM - https://issues.rpath.com/browse/RPL-2629

XF - linux-kernel-getuserpages-dos(43550)

MLIST - [linux-kernel] 20080430 Re: Page Faults slower in 2.6.25-rc9 than 2.6.23

UBUNTU - USN-659-1

REDHAT - RHSA-2008:0957

REDHAT - RHSA-2008:0585

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207

SECUNIA - 32485

SECUNIA - 32393

SECUNIA - 31628

SECUNIA - 31202

SECUNIA - 30901

MISC - http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html

SUSE - SUSE-SA:2008:038

SUSE - SUSE-SA:2008:037

SUSE - SUSE-SA:2008:035

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f

SECUNIA - 30982


Last Updated: 27 May 2016 10:57:30