Linux kernel vulnerabilities

ID USN-47-1
Type ubuntu
Reporter Ubuntu
Modified 2004-12-23T00:00:00


Georgi Guninski discovered two Denial of Service vulnerabilities in the Linux kernel.

An integer overflow in the vc_resize() function caused the memory allocation for the new screen being too short, thus causing a buffer overflow and a kernel crash.

There was also a memory leak in the ip_options_get() function. Calling ip_cmsg_send() very often would gradually exhaust memory.

Note: The original advisory (see URL above) also mentions a “ip_options_get integer overflow”. This was already fixed in USN-38-1 (known as CAN-2004-1016).