Bug 431206 (CVE-2008-0009) - CVE-2008-0009 kernel: Inappropriate dereference of user-supplied memory pointers
Summary: CVE-2008-0009 kernel: Inappropriate dereference of user-supplied memory pointers
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2008-0009
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 431209 431210 432229
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-02-01 15:17 UTC by Jan Lieskovsky
Modified: 2021-11-12 19:47 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-02-10 16:42:11 UTC
Embargoed:

Attachments (Terms of Use)

Description Jan Lieskovsky 2008-02-01 15:17:48 UTC 
Description of problem:

A new system call named vmsplice() was introduced in the 2.6.17
release of the Linux kernel. 

Inappropriate dereference of user-supplied memory pointers in the
code beginning at line 1378 in the vmsplice_to_user() kernel
function (fs/splice.c):

The patch for this issue not provided by the reporter.
Comment 11 Mark J. Cox 2008-02-10 13:38:30 UTC 
see bug #432251
Comment 13 Mark J. Cox 2008-02-10 16:42:11 UTC 
There was a bit of confusion as the code changed since introduction 2.6.17, so
Red Hat Enterprise Linux kernels had code different to upstream.

CVE-2008-0009 and CVE-2008-0010 only affected kernels 2.6.22+ so Red Hat
Enterprise Linux was not affected

CVE-2008-0600 affected kernels 2.6.17+ so affects Red Hat Enterprise Linux 5. 
Closing this CVE-2008-0009 bug as it doesn't affect RHEL.
Note You need to log in before you can comment on or make changes to this bug.