Linux Kernel AIO_Setup_Ring Local Denial of Service Vulnerability

Bugtraq ID:	22193
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-5754
Remote:	No
Local:	Yes
Published:	Jan 23 2007 12:00AM
Updated:	Jun 18 2007 04:09PM
Credit:	This issue was disclosed in the referenced Mandriva advisory.
Vulnerable:	SuSE Linux Enterprise Server 9 S.u.S.E. CORE 9 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Novell Open Enterprise Server (OES) 0 Novell Linux POS 9 Novell Linux Desktop 9 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Linux kernel 2.6.19 .2 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 -rc4 Linux kernel 2.6.19 -rc3 Linux kernel 2.6.19 -rc2 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.19 -rc1 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .1 Linux kernel 2.6.17 .9 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .4 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 -rc5 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.17 Linux kernel 2.6.16 27 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .8 Linux kernel 2.6.16 .7 Linux kernel 2.6.16 .5 Linux kernel 2.6.16 .4 Linux kernel 2.6.16 .3 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .21 Linux kernel 2.6.16 .2 Linux kernel 2.6.16 .19 Linux kernel 2.6.16 .18 Linux kernel 2.6.16 .17 Linux kernel 2.6.16 .16 Linux kernel 2.6.16 .12 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 -rc1 Linux kernel 2.6.16 Linux kernel 2.6.15 .6 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc6 Linux kernel 2.6.15 -rc5 Linux kernel 2.6.15 -rc4 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 Linux kernel 2.6.12 .6 Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .22 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .12 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.12 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .4 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 + Redhat Fedora Core3 + Redhat Fedora Core2 + Trustix Secure Linux 3.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 -test9-CVS Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Linux kernel 2.6.8.1 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.20-rc2 Linux kernel 2.6.18 Linux kernel 2.6.15.5 Linux kernel 2.6.15.11 Linux kernel 2.6.11.4 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya SES 3.0 Avaya SES 2.0 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8710 CM 3.1 Avaya S8710 CM 2.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8700 CM 3.1 Avaya S8700 CM 2.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8500 CM 3.1 Avaya S8500 CM 2.0 Avaya S8500 0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya S8300 CM 3.1 Avaya S8300 CM 2.0 Avaya S8300 0 Avaya Messaging Storage Server MM3.0 Avaya CCS 3.0 Avaya CCS 2.0 Avaya AES 3.1
Not Vulnerable:

Linux Kernel AIO_Setup_Ring Local Denial of Service Vulnerability

The Linux kernel is prone to a local denial-of-service vulnerability because the kernel fails to properly initialize a variable.

Exploiting this issue allows local attackers to cause kernel crashes, denying service to legitimate users.

Linux Kernel AIO_Setup_Ring Local Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Linux Kernel AIO_Setup_Ring Local Denial of Service Vulnerability

Solution:
Fixes have been released to address this issue. Please see the references for more information.


Linux kernel 2.6.3

• Mandriva kernel-2.6.3.36mdk-1-1mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-2.6.3.36mdk-1-1mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva kernel-BOOT-2.6.3.36mdk-1-1mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-BOOT-2.6.3.36mdk-1-1mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva kernel-doc-2.6.3-36mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-doc-2.6.3-36mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva kernel-enterprise-2.6.3.36mdk-1-1mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-i686-up-4GB-2.6.3.36mdk-1-1mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-p3-smp-64GB-2.6.3.36mdk-1-1mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-secure-2.6.3.36mdk-1-1mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-secure-2.6.3.36mdk-1-1mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva kernel-smp-2.6.3.36mdk-1-1mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-smp-2.6.3.36mdk-1-1mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva kernel-source-2.6.3-36mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-source-2.6.3-36mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva kernel-source-stripped-2.6.3-36mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva kernel-source-stripped-2.6.3-36mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download

Linux Kernel AIO_Setup_Ring Local Denial of Service Vulnerability

References:

• ASA-2007-063 - kernel security update (RHSA-2007-0014) (Avaya)
  
• Linux Kernel Homepage (Linux)
  
• RHSA-2007:0014-6 (Redhat)