tag 303140 +pending thanks On Mon, Apr 04, 2005 at 11:51:28PM +0200, Moritz Muehlenhoff wrote: > Package: kernel-source-2.6.8 > Version: 2.6.8-15 > Severity: important > Tags: security > > Hi, > CAN-2005-0937 describes the following Denial-of-Service vulnerability: > > Some futex functions in futex.c for Linux kernel 2.6.x perform get_user > calls while holding the mmap_sem semaphore, which could allow local > users to cause a deadlock condition in do_page_fault by triggering > get_user faults while another thread is executing mmap or other functions. > > Patch is available at: > http://linux.bkbits.net:8080/linux-2.6/[EMAIL PROTECTED]
Thanks, I have added this into SVN for 2.6.8. 2.6.11 appears to already have the patch from upstream. And futexes aren't in 2.4.27. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
