CVE-2008-1615

Publication date 8 May 2008

Last updated 24 July 2024

Ubuntu priority

Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.

From the Ubuntu Security Team

Jan Kratochvil discovered that PTRACE did not correctly handle certain calls when running under 64bit kernels. A local attacker could exploit this to crash the system, leading to a denial of service.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.04 LTS hardy	Fixed 2.6.24-19.36
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Fixed 2.6.15-52.69
linux-source-2.6.20	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Fixed 2.6.20-17.37
	6.06 LTS dapper	Not in release
linux-source-2.6.22	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 2.6.22-15.56
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

Notes

kees

reproducer mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=431430 this is _only_ the CS corruption, so we can ignore the upstream fix

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Diff: http://marc.info/?l=linux-kernel&m=120219781932243
linux-source-2.6.22	Vendor: http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/amd64-cs-corruption.patch?op=file&rev=0&sc=0

CVE-2008-1615

From the Ubuntu Security Team

Status

Notes

kees

Patch details

References

Related Ubuntu Security Notices (USN)

Other references