Resource management errors in Linux kernel - CVE-2006-4814

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

How to mitigate CVE-2006-4814

Sources

• http://lists.vmware.com/pipermail/security-announce/2008/000023.html
• http://rhn.redhat.com/errata/RHSA-2007-0014.html
• http://secunia.com/advisories/23436
• http://secunia.com/advisories/23609
• http://secunia.com/advisories/23997
• http://secunia.com/advisories/24098
• http://secunia.com/advisories/24100
• http://secunia.com/advisories/24206
• http://secunia.com/advisories/24482
• http://secunia.com/advisories/25691
• http://secunia.com/advisories/25714
• http://secunia.com/advisories/29058
• http://secunia.com/advisories/30110
• http://secunia.com/advisories/31246
• http://secunia.com/advisories/33280
• http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
• http://www.debian.org/security/2007/dsa-1304
• http://www.debian.org/security/2008/dsa-1503
• http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.6
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:040
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
• http://www.novell.com/linux/security/advisories/2007_18_kernel.html
• http://www.redhat.com/support/errata/RHSA-2008-0211.html
• http://www.redhat.com/support/errata/RHSA-2008-0787.html
• http://www.securityfocus.com/archive/1/471457
• http://www.securityfocus.com/bid/21663
• http://www.trustix.org/errata/2007/0002/
• http://www.ubuntu.com/usn/usn-416-1
• http://www.vupen.com/english/advisories/2006/5082
• http://www.vupen.com/english/advisories/2008/2222/references
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9648