Upstream information
Description
The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmentation fault.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4.7 |
| Vector | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Note from the SUSE Security Team
This problem affects kernels 2.6.9 to 2.6.17, which would imply SUSE Linux Enterprise 10. However it requires the COMPAT_VDSO option specified for the 32bit compatbility mode, which we do not set.This means that no version of SUSE Linux Enterprise or openSUSE is affected by this problem.
Note from the SUSE Security Team on the kernel-default package
SUSE will no longer fix all CVEs in the Linux Kernel anymore, but declare some bug classes as won't fix. Please refer to TID 21496 for more details.SUSE Bugzilla entry: 589036 [RESOLVED / INVALID]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 17:24:40 2013CVE page last modified: Mon Mar 17 16:17:10 2025