Red Hat Bugzilla – Bug 144135
CAN-2004-1235 isec.pl do_brk() privilege escalation
Last modified: 2015-01-04 17:14:41 EST
isec.pl reported a missing down() on mmap_sem semaphore whilst calling do_brk;
so if do_brk() sleeps on a kmalloc it may get into a VMA list race - leading to
results similar to the do_brk exploit.
Attachment 109344 [details]
is the proposed patch for this issue.
This issue should also affect FC2.
fixed in todays updates.