Red Hat Bugzilla – Bug 431206
CVE-2008-0009 kernel: Inappropriate dereference of user-supplied memory pointers
Last modified: 2008-02-10 15:14:02 EST
Description of problem:
A new system call named vmsplice() was introduced in the 2.6.17
release of the Linux kernel.
Inappropriate dereference of user-supplied memory pointers in the
code beginning at line 1378 in the vmsplice_to_user() kernel
The patch for this issue not provided by the reporter.
see bug #432251
There was a bit of confusion as the code changed since introduction 2.6.17, so
Red Hat Enterprise Linux kernels had code different to upstream.
CVE-2008-0009 and CVE-2008-0010 only affected kernels 2.6.22+ so Red Hat
Enterprise Linux was not affected
CVE-2008-0600 affected kernels 2.6.17+ so affects Red Hat Enterprise Linux 5.
Closing this CVE-2008-0009 bug as it doesn't affect RHEL.