Bug 105108 (CVE-2005-2617)

Summary: VUL-0: CVE-2005-2617: kernel: memory leak in x86_64/insert_vm_struct
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: IncidentsAssignee: Andreas Kleen <ak>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-2617: CVSS v2 Base Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: x86_64-insertvmstruct-leak.patch

Description Sebastian Krahmer 2005-08-17 07:44:11 UTC 
Date: Wed, 17 Aug 2005 08:59:55 +0200
From: Martin Pitt <martin.pitt@ubuntu.com>
To: Vendor Security <vendor-sec@lst.de>
Subject: [vendor-sec] Fwd: Re: CAN Request for kernel memory leak
Parts/Attachments:
   1 Shown    ~44 lines  Text
   2          196 bytes  Application, "Digital signature"
----------------------------------------

Hi everybody!

This was recently posted here, and I requested a CAN number for it.

FYI

Martin

----- Forwarded message from "Steven M. Christey" <coley@linus.mitre.org> -----

Date: Wed, 17 Aug 2005 02:06:30 -0400 (EDT)
From: "Steven M. Christey" <coley@linus.mitre.org>
To: Martin Pitt <martin.pitt@ubuntu.com>
Cc: cve@mitre.org
Subject: Re: CAN Request for kernel memory leak
X-Spam-Status: No, score=1.1 required=4.0 tests=AWL,BAYES_60 autolearn=no 
       version=3.0.3


======================================================
Candidate: CAN-2005-2617
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2617
Reference:
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=c
ommit;h=9fb1759a3102c26cd8f64254a7c3e532782c2bb8
Reference:
CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=c
ommitdiff;h=9fb1759a3102c26cd8f64254a7c3e532782c2bb8

The syscall32_setup_pages function in syscall32.c for Linux kernel
2.6.x, on the 64-bit x86 platform, does not check the return value of
the insert_vm_struct function, which allows local users to trigger a
memory leak via a 32-bit application with crafted ELF headers.
Comment 1 Sebastian Krahmer 2005-08-17 07:44:46 UTC 
Not quite sure whether this one was already fixed in our kernels.
Comment 2 Marcus Meissner 2005-08-17 07:49:34 UTC 
Created attachment 46234 [details]
x86_64-insertvmstruct-leak.patch

git extract
Comment 3 Marcus Meissner 2005-08-17 07:50:04 UTC 
Andi, can you please check and comment if we need this for SLES or other 2.6 
kernels?
Comment 4 Marcus Meissner 2005-08-17 09:36:20 UTC 
From: Mark J Cox <mjc@redhat.com> 
 
I've not seen this here previously, but this seems to only affect 2.6.12 
and onwards (affected function not created until then)
Comment 5 Marcus Meissner 2005-08-17 15:35:30 UTC 
the code is neither in SLES 9 nor in 9.3... so i think the above comment 
applies.
Comment 6 Thomas Biege 2009-10-13 20:39:42 UTC 
CVE-2005-2617: CVSS v2 Base Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)