Bug 132729 (CVE-2005-3108) - VUL-0: CVE-2005-3108: kernel: leakage or dos in ioremap or other io memory map
Summary: VUL-0: CVE-2005-3108: kernel: leakage or dos in ioremap or other io memory map
Status: RESOLVED FIXED
Alias: CVE-2005-3108
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: x86-64 Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Andreas Kleen
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-3108: CVSS v2 Base Score: 2....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-08 15:49 UTC by Marcus Meissner
Modified: 2021-12-07 16:12 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2005-11-08 15:49:50 UTC 
CVE-2005-3108

mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=93ef70a217637ade3f335303a112b22a134a1ec2
Comment 1 Marcus Meissner 2005-11-08 15:51:12 UTC 
are there any user controlled processes that could have io mmaps?

if only root can exploit this we do not need to look at this I guess.

Andi?
Comment 2 Andreas Kleen 2005-11-17 02:28:46 UTC 
The change is already in SLES9

Also iounmap is a kernel internal function and cannot be normally used by
any user space process. So I don't see why this should be a VUL or CVE
(Someone must have been confused)
Comment 3 Marcus Meissner 2005-11-17 09:07:50 UTC 
thanks andi!
Comment 4 Thomas Biege 2009-10-13 21:48:20 UTC 
CVE-2005-3108: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)