Comment 88 for bug 190587

In , mjc (mjc-redhat-bugs) wrote :

A new system call named vmsplice() was introduced in the 2.6.17
release of the Linux kernel.

COSEINC reported two issues affecting vmsplice, CVE-2008-0009 and CVE-2008-0010.

On Saturday 20080210 a public exploit was released that utilised a similar flaw
in vmsplice (vmsplice_to_pipe function) to allow a local user to gain privileges
on some architectures.

See also
http://marc.info/?t=120263655300003&r=1&w=2

This issue will affect kernels 2.6.17+ and therefore affects Red Hat Enterprise
Linux 5, but not Red Hat Enterprise Linux 4, 3, or 2.1.