APPLIED: [CVE-2011-2484] taskstats: don't allow duplicate entries in listener mode
Tim Gardner
tim.gardner at canonical.com
Thu Jul 7 13:11:03 UTC 2011
On 07/07/2011 05:17 AM, Andy Whitcroft wrote:
> CVE-2011-2484
> The add_del_listener function in kernel/taskstats.c in the Linux
> kernel 2.6.39.1 and earlier does not prevent multiple registrations
> of exit handlers, which allows local users to cause a denial of
> service (memory and CPU consumption), and bypass the OOM Killer,
> via a crafted application.
>
> The fix for this issue has already hit oneiric via upstream. Following
> this email are two patches, one a backport for hardy, and the other a
> clean cherry-pick of the upstream commit for lucid, lucid/fsl-imx51,
> maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
>
> Proposing for SRU to hardy, lucid, lucid/fsl-imx51, maverick,
> maverick/ti-omap4, natty, and natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list