Second Linux kernel mremap() bug

By Thomas McGuire on February 18, 2004, 2:54 PM
Issue:
======
A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code.

Tested & known to be vulnerable kernel versions are all <= 2.2.25, <= 2.4.24 & <= 2.6.2. The 2.2.25 version of Linux kernel does not recognize the MREMAP_FIXED flag but this does not prevent the bug from being successfully exploited. All users are encouraged to patch all vulnerable systems as soon as appropriate vendor patches are released. There is no hotfix for this vulnerablity. Limited per user virtual
memory still permits do_munmap() to fail.

Would you like to know more?

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.