Upstream information
Description
The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4.7 |
| Vector | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Note from the SUSE Security Team
This problem affects kernels 2.6.9 to 2.6.17, which would imply SUSE Linux Enterprise 10. However it requires the COMPAT_VDSO option specified for the 32bit compatbility mode, which we do not set.This means that no version of SUSE Linux Enterprise or openSUSE is affected by this problem. SUSE Bugzilla entry: 589036 [RESOLVED / INVALID] No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 17:24:40 2013CVE page last modified: Wed Sep 11 11:11:31 2024