Bug 132729 (CVE-2005-3108)

Summary: VUL-0: CVE-2005-3108: kernel: leakage or dos in ioremap or other io memory map
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Andreas Kleen <ak>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard: CVE-2005-3108: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2005-11-08 15:49:50 UTC 
CVE-2005-3108

mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
Comment 1 Marcus Meissner 2005-11-08 15:51:12 UTC 
are there any user controlled processes that could have io mmaps?

if only root can exploit this we do not need to look at this I guess.

Andi?
Comment 2 Andreas Kleen 2005-11-17 02:28:46 UTC 
The change is already in SLES9

Also iounmap is a kernel internal function and cannot be normally used by
any user space process. So I don't see why this should be a VUL or CVE
(Someone must have been confused)
Comment 3 Marcus Meissner 2005-11-17 09:07:50 UTC 
thanks andi!
Comment 4 Thomas Biege 2009-10-13 21:48:20 UTC 
CVE-2005-3108: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)