Linux kernel vulnerabilities

2005-04-11T00:00:00
ID USN-110-1
Type ubuntu
Reporter Ubuntu
Modified 2005-04-11T00:00:00

Description

Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file actually exists. (CAN-2005-0867)

Olof Johansson discovered a Denial of Service vulnerability in the futex functions, which provide semaphores for exclusive locking of resources. A local attacker could possibly exploit this to cause a kernel deadlock. (CAN-2005-0937)

In addition this update fixes two race conditions in the ext3 and jfs file system drivers, which could lead to a kernel crash under certain (unusual) conditions. However, these cannot easily be triggered by users, thus they are not security sensitive. (<http://linux.bkbits.net:8080/linux-2.5/gnupatch@4248d87aETPJX79hVXl4owAUwu2SmQ>, <http://linux.bkbits.net:8080/linux-2.6/cset@1.2181.46.242)>