Red Hat Bugzilla – Bug 460251
CVE-2008-3527 kernel: missing boundary checks in syscall/syscall32_nopage()
Last modified: 2010-12-21 12:24:17 EST
Description of problem:
Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or privilege escalation.
Proposed upstream patch:
The patch should fix both the i386 and the x86_64/ia32 bits.
Created attachment 322397 [details]
Upstream patch for this issue
Created attachment 322399 [details]
Proposed backported patch
This was addressed via:
Red Hat Enterprise Linux version 5 (RHSA-2008:0957)