CVE-2009-0029
Published: 15 January 2009
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.
From the Ubuntu Security Team
The 64-bit syscall interfaces did not correctly handle sign extension. A local attacker could make malicious syscalls, possibly gaining root privileges. The x86_64 architecture was not affected.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Ignored
|
|
intrepid |
Ignored
|
|
upstream |
Released
(2.6.29~rc2)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-54.76)
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Released
(2.6.29~rc2)
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Released
(2.6.29~rc2)
|