136017 – VUL-0: kernel: local dos by integer overflow in mm/truncate.c

Bug 136017 - VUL-0: kernel: local dos by integer overflow in mm/truncate.c

Summary: VUL-0: kernel: local dos by integer overflow in mm/truncate.c

Status:	RESOLVED FIXED

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	Kernel (show other bugs)
Version:	Final
Hardware:	64bit Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Lars Marowsky-Bree
QA Contact:	E-mail List

URL:
Whiteboard:	CVE-2005-3808: CVSS v2 Base Score: 4....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-11-30 10:03 UTC by Marcus Meissner
Modified:	2009-10-13 20:40 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2005-11-30 10:03:55 UTC

is public.

CVE-2005-3808

"Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system."

http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406

http://seclists.org/lists/linux-kernel/2005/Nov/7839.html



according to description only affects 9.3 and 10.0.

Comment 1 Lars Marowsky-Bree 2005-12-13 15:07:28 UTC

Committed to 10.0 as-is, adapted slightly for 9.3.

Comment 2 Thomas Biege 2009-10-13 20:40:14 UTC

CVE-2005-3808: CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)