SB2005093005 - Resource management errors in Linux kernel
Published: September 30, 2005
Security Bulletin ID
SB2005093005
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management errors (CVE-ID: CVE-2005-3105)
The vulnerability allows a local user to perform service disruption.
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.
Remediation
Install update from vendor's website.
References
- http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
- http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
- http://secunia.com/advisories/18056
- http://www.debian.org/security/2005/dsa-922
- http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
- http://www.redhat.com/support/errata/RHSA-2005-514.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11283