New kernel vulnerability [bug closed, does not affect our kernels]

tlvb · 2009-08-14 14:58:21

http://www.theregister.co.uk/2009/08/14 … linux_bug/

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

I'm not sure if this should be submitted as a bug, or be posted on a mailing list (advice please).
A quick look on the open dev mailing list + forum search did not turn up anything.

Last edited by tlvb (2009-08-15 13:19:42)

wonder · 2009-08-14 15:42:40

open a bug report and post a link the commit that fix this issue.

tlvb · 2009-08-14 16:05:29

Like this? http://bugs.archlinux.org/task/15935
Haven't done any bug reporting before, so my apologies if the something is missing/misconfigured.

EDIT: The bug has been closed as the problem should not affect our kernel.

Last edited by tlvb (2009-08-15 13:20:35)

Arch Linux

#1 2009-08-14 14:58:21

New kernel vulnerability [bug closed, does not affect our kernels]

#2 2009-08-14 15:42:40

Re: New kernel vulnerability [bug closed, does not affect our kernels]

#3 2009-08-14 16:05:29

Re: New kernel vulnerability [bug closed, does not affect our kernels]

Board footer