A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code.

Tested & known to be vulnerable kernel versions are all <= 2.2.25, <= 2.4.24 & <= 2.6.2. The 2.2.25 version of Linux kernel does not recognize the MREMAP_FIXED flag but this does not prevent the bug from being successfully exploited. All users are encouraged to patch all vulnerable systems as soon as appropriate vendor patches are released. There is no hotfix for this vulnerablity. Limited per user virtual
memory still permits do_munmap() to fail.

Would you like to know more?