Upstream information

CVE-2007-6417 at MITRE

Description

The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 7.2
  Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
  Access Vector: Local
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete

SUSE Bugzilla entry: 349466 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s): SUSE LINUX 10.1
Fixed package version(s):
  • kernel-bigsmp >= 2.6.16.54-0.2.5
  • kernel-debug >= 2.6.16.54-0.2.5
  • kernel-default >= 2.6.16.54-0.2.5
  • kernel-iseries64 >= 2.6.16.54-0.2.5
  • kernel-kdump >= 2.6.16.54-0.2.5
  • kernel-ppc64 >= 2.6.16.54-0.2.5
  • kernel-smp >= 2.6.16.54-0.2.5
  • kernel-source >= 2.6.16.54-0.2.5
  • kernel-syms >= 2.6.16.54-0.2.5
  • kernel-um >= 2.6.16.54-0.2.5
  • kernel-xen >= 2.6.16.54-0.2.5
  • kernel-xenpae >= 2.6.16.54-0.2.5
  • kexec-tools >= 1.101-32.45.1
  • mkinitrd >= 1.2-106.62.1
  • multipath-tools >= 0.4.6-25.23
  • open-iscsi >= 2.0.707-0.32
  • udev >= 085-30.44.1