Info

Disclosure

May 18, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 18, 2011

Description

Linux Kernel contains a flaw in the m_stop implementation that may allow a local denial of service. The issue is due to an error in the m_stop function in fs/proc/task_mmu.c. With a specially crafted request triggering an m_start error, a local attacker can cause a kernel panic.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade, Third-Party Solution
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Third-party Verified, Coordinated Disclosure
OSVDB: Authentication Required

Solution

It has been reported that this issue has been fixed. Upgrade to version 2.6.39, or higher, to address this vulnerability.

Products

Linux Kernel Organization, Inc.

Kernel

2.6.38

References

CVE ID: 2011-3637 (see also: NVD)
SCIP VulDB ID: 4544
Secunia Advisory ID: 47511 47512 48140
Bugtraq ID: 51361
Vendor Specific News/Changelog Entry: http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=76597cd31470fa130784c78fadb4dab2e624a723
http://wiki.openvz.org/Download/kernel/rhel5/028stab098.1
https://bugzilla.redhat.com/show_bug.cgi?id=747848
https://github.com/torvalds/linux/commit/76597cd31470fa130784c78fadb4dab2e624a723
Vendor URL: http://www.kernel.org/
Other Advisory URL: http://www.openwall.com/lists/oss-security/2012/02/06/1
RedHat RHSA: RHSA-2012:0007 RHSA-2012:0010

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/78302