SB2008102101 - Improper input validation in Linux kernel

Security Bulletin ID SB2008102101

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2008-4618)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation error within the config_cmd() function in arch/arm/common/via82c505.c, within the sa1110_mb_enable() function in arch/arm/common/sa1111.c, within the obj-$() function in arch/arm/common/makefile, within the idedcc_putc() function in arch/arm/boot/compressed/misc.c, within the #() function in arch/arm/boot/compressed/head-xscale.s, within the #() function in arch/arm/boot/compressed/big-endian.s, within the $() function in arch/arm/boot/compressed/makefile.debug, within the $() function in arch/arm/boot/compressed/makefile, within the ev67_reg_setup() function in arch/alpha/oprofile/op_model_ev67.c, within the ev6_reg_setup() function in arch/alpha/oprofile/op_model_ev6.c, within the ev4_reg_setup() function in arch/alpha/oprofile/op_model_ev4.c, within the __attribute__() function in arch/alpha/oprofile/common.c, within the obj-$() function in arch/alpha/oprofile/makefile, within the remap_area_pte() function in arch/alpha/mm/remap.c, within the sort_extable() function in arch/alpha/mm/extable.c, within the obj-$() function in arch/alpha/mm/makefile, within the obj-$() function in arch/alpha/math-emu/makefile, within the strcasecmp() function in arch/alpha/lib/strcasecmp.c, within the $30,-x() function in arch/alpha/lib/stacktrace.c, within the srm_puts() function in arch/alpha/lib/srm_puts.c, within the srm_printk() function in arch/alpha/lib/srm_printk.c, within the 0() function in arch/alpha/lib/memmove.s, within the 0() function in arch/alpha/lib/ev67-strrchr.s, within the 0() function in arch/alpha/lib/ev67-strncat.s, within the 0() function in arch/alpha/lib/ev67-strlen.s, within the 0() function in arch/alpha/lib/ev67-strchr.s, within the memcpy() function in arch/alpha/lib/ev6-memcpy.s, within the csum_ipv6_magic() function in arch/alpha/lib/ev6-csum_ipv6_magic.s, within the wh64() function in arch/alpha/lib/ev6-clear_page.s, within the atomic_dec_and_lock() function in arch/alpha/lib/dec_and_lock.c, within the csum_ipv6_magic() function in arch/alpha/lib/csum_ipv6_magic.s, within the 1: ldq $0,0() function in arch/alpha/lib/copy_page.s, within the 1: stq $31,0() function in arch/alpha/lib/clear_page.s, within the defined() function in arch/alpha/lib/callback_srm.s, within the $() function in arch/alpha/lib/makefile, within the output_format() function in arch/alpha/kernel/vmlinux.lds.s, within the io7_device_interrupt() function in arch/alpha/kernel/sys_marvel.c, within the dbg_devs() function in arch/alpha/kernel/smc37c93x.c, within the dbg_devs() function in arch/alpha/kernel/smc37c669.c, within the dbga() function in arch/alpha/kernel/pci_iommu.c, within the alloc_pci_controller() function in arch/alpha/kernel/pci-noop.c, within the define_spinlock() function in arch/alpha/kernel/irq_srm.c, within the define_spinlock() function in arch/alpha/kernel/irq_i8259.c, within the dummy_perf() function in arch/alpha/kernel/irq_alpha.c, within the ioread8() function in arch/alpha/kernel/io.c, within the init_signals() function in arch/alpha/kernel/init_task.c, within the gct6_find_nodes() function in arch/alpha/kernel/gct.c, within the 0() function in arch/alpha/kernel/entry.s, within the __attribute__() function in arch/alpha/kernel/core_titan.c, within the dbg_cfg() function in arch/alpha/kernel/core_polaris.c, within the dbg_cfg() function in arch/alpha/kernel/core_marvel.c, within the default_vga_hose_select() function in arch/alpha/kernel/console.c, within the define() function in arch/alpha/kernel/asm-offsets.c, within the dump_thread() function in arch/alpha/kernel/alpha_ksyms.c, within the $() function in arch/alpha/kernel/makefile, within the memzero() function in arch/alpha/boot/misc.c, within the 2: ldgp $29,0() function in arch/alpha/boot/head.s, within the output_format() function in arch/alpha/boot/bootloader.lds, within the autoconfig() function in documentation/zorro.txt, within the functions() function in documentation/w1/w1.generic, within the swap_out() function in documentation/vm/locking, within the tcpdump() function in documentation/usb/usbmon.txt, within the node() function in documentation/usb/usb-serial.txt, within the tty_register_ldisc() function in documentation/tty.txt, within the xxx_init() function in documentation/spinlocks.txt, within the ad1816() function in documentation/sound/oss/ad1816, within the <nothing>() function in documentation/sound/alsa/controlnames.txt, within the __initfunc() function in documentation/scsi/in2000.txt, within the o() function in documentation/sched-design.txt, within the o() function in documentation/sched-coding.txt, within the comtrol() function in documentation/rocket.txt, within the tux[smp_processor_id() function in documentation/preempt-locking.txt, within the hub_events() function in documentation/power/kernel_threads.txt, within the mmap() function in documentation/nommu-mmap.txt, within the tr4/16() function in documentation/networking/tms380tr.txt, within the tcp_get_info() function in documentation/networking/proc_net_tcp.txt, within the 13101142() function in documentation/networking/pktgen.txt, within the ioctl() function in documentation/networking/netif-msg.txt, within the insmod-time() function in documentation/networking/net-modules.txt, within the dmfe yes yes yes software() function in documentation/networking/multicast.txt, within the intel() function in documentation/networking/ixgb.txt, within the intel() function in documentation/networking/e1000.txt, within the intel() function in documentation/networking/e100.txt, within the drv_hard_start_xmit() function in documentation/networking/driver.txt, within the dm9102() function in documentation/networking/dmfe.txt, within the mono() function in documentation/mono.txt, within the pcibios_init() function in documentation/mips/pci/pci.readme, within the flock() function in documentation/mandatory.txt, within the flock() function in documentation/locks.txt, within the module() function in documentation/kbuild/modules.txt, within the hostprogs-$() function in documentation/kbuild/makefiles.txt, within the java() function in documentation/java.txt, within the ioctl() function in documentation/ioctl/hdio.txt, within the ioctl() function in documentation/ioctl/cdrom.txt, within the button_interrupt() function in documentation/input/input-programming.txt, within the inb() function in documentation/input/gameport-programming.txt, within the gettime() function in documentation/ia64/efirtc.txt, within the 2.00:() function in documentation/i386/boot.txt, within the saxena() function in documentation/i2o/ioctl, within the support() function in documentation/i2o/readme, within the id() function in documentation/i2c/writing-clients, within the damr6-10 kmap_atomic() function in documentation/fujitsu/frv/mmu-layout.txt, within the request_firmware() function in documentation/firmware_class/readme, within the sysfs_create_file() function in documentation/filesystems/sysfs.txt, within the sb_bread() function in documentation/filesystems/porting, within the netware() function in documentation/filesystems/ncpfs.txt, within the verify_area() function in documentation/exception.txt, within the module_init() function in documentation/driver-model/porting.txt, within the add() function in documentation/driver-model/platform.txt, within the int() function in documentation/driver-model/bus.txt, within the match() function in documentation/driver-model/binding.txt, within the fcntl() function in documentation/dnotify.txt, within the kcopyd_client_create() function in documentation/device-mapper/kcopyd.txt, within the dm_io_sync() function in documentation/device-mapper/dm-io.txt, within the linux() function in documentation/cpu-freq/user-guide.txt, within the linux() function in documentation/cpu-freq/index.txt, within the linux() function in documentation/cpu-freq/governors.txt, within the linux() function in documentation/cpu-freq/cpu-drivers.txt, within the linux() function in documentation/cpu-freq/core.txt, within the cli() function in documentation/cli-sti-removal.txt, within the {\tt() function in documentation/cdrom/cdrom-standard.tex, within the $() function in documentation/cdrom/makefile, within the read_expire() function in documentation/block/deadline-iosched.txt, within the atomic_init() function in documentation/atomic_ops.txt, within the exp() function in documentation/arm/nwfpe/notes, within the get_irqnr() function in documentation/arm/sharp-lh/vectoredinterruptcontroller, within the arch/arm/kernel/setup.c:setup_arch() function in documentation/arm/setup, within the 29() function in documentation/arm/sa1100/graphicsclient, within the legned() function in documentation/arm/sa1100/freebird, within the __virt_to_phys() function in documentation/arm/porting, within the diff() function in documentation/submittingpatches, within the call_rcu() function in documentation/rcu/up.txt, within the virt_to_bus() function in documentation/io-mapping.txt, within the <othername>() function in documentation/docbook/procfs-guide.tmpl, within the declare_mutex(), cache_add(), down(), __object_put(), bug_on(), strlcpy(), spin_unlock_irqrestore(), spin_lock_irqsave(), atomic_set(), list_for_each_entry(), cache_delete_rcu() and cache_find() functions in documentation/docbook/kernel-locking.tmpl, within the usage() function in documentation/bk-usage/bksend. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

SB2008102101 - Improper input validation in Linux kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human