Bug 136017

Summary: VUL-0: kernel: local dos by integer overflow in mm/truncate.c
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Marcus Meissner <meissner>
Component: Kernel
Assignee: Lars Marowsky-Bree <lmb>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: Final
Target Milestone: ---
Hardware: 64bit
OS: Other
Whiteboard: CVE-2005-3808: CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2005-11-30 10:03:55 UTC
is public.

CVE-2005-3808

"Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system."

http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406

http://seclists.org/lists/linux-kernel/2005/Nov/7839.html



according to description only affects 9.3 and 10.0.
Comment 1 Lars Marowsky-Bree 2005-12-13 15:07:28 UTC
Committed to 10.0 as-is, adapted slightly for 9.3.
Comment 2 Thomas Biege 2009-10-13 20:40:14 UTC
CVE-2005-3808: CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)