| 1 |
Candidate: CVE-2007-6694
|
| 2 |
Description:
|
| 3 |
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21
|
| 4 |
through 2.6.18-53, when running on PowerPC, might allow local users
|
| 5 |
to cause a denial of service (crash) via unknown vectors that cause
|
| 6 |
the of_get_property function to fail, which triggers a NULL pointer
|
| 7 |
dereference.
|
| 8 |
References:
|
| 9 |
http://marc.info/?l=linux-kernel&m=119576191029571&w=2
|
| 10 |
Ubuntu-Description:
|
| 11 |
It was discovered that PowerPC kernels did not correctly handle reporting
|
| 12 |
certain system details. By requesting a specific set of information,
|
| 13 |
a local attacker could cause a system crash resulting in a denial
|
| 14 |
of service.
|
| 15 |
Notes:
|
| 16 |
jmm> This appears more of a regular bug with a specific piece of hw
|
| 17 |
jmm> than a security problem. Do we support the chrp POWER platform?
|
| 18 |
Bugs:
|
| 19 |
upstream:
|
| 20 |
linux-2.6:
|
| 21 |
2.6.18-etch-security: released (2.6.18.dfsg.1-18etch2) [bugfix/powerpc-chrp-null-deref.patch]
|
| 22 |
2.6.8-sarge-security: released (2.6.8-17sarge2) [powerpc-chrp-null-deref.dpatch]
|
| 23 |
2.4.27-sarge-security: released (2.4.27-10sarge6) [265_powerpc-chrp-null-deref.diff]
|
| 24 |
2.6.15-dapper-security: released (2.6.15-52.67)
|
| 25 |
2.6.17-edgy-security: ignored (EOL)
|
| 26 |
2.6.20-feisty-security: released (2.6.20-17.36)
|
| 27 |
2.6.22-gutsy-security: released (2.6.22-15.54)
|
| 28 |
2.6.24-hardy-security: released (2.6.24-19.34)
|
Parent Directory
| 
Revision Log