PT-2004-3741 · Linux+2 · Linux Kernel+2
Paul Starzetz · Published 1970-01-01 · Updated 2017-10-11 · CVE-2005-0001
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.2.x through 2.2.7
Linux kernel versions 2.4 through 2.4.29
Linux kernel versions 2.6 through 2.6.10
Debian GNU/Linux kernel-image-2.4.19-sun4u-smp (affected versions not specified)
Debian GNU/Linux kernel-image-2.4.18-powerpc-xfs (affected versions not specified)
Debian GNU/Linux kernel-image-2.4.18-sun4u (affected versions not specified)
Debian GNU/Linux kernel-patch-benh (affected versions not specified)
Debian GNU/Linux kernel-image-2.4.18-sun4u-smp (affected versions not specified)
Debian GNU/Linux kernel-headers-2.4.19-sparc (affected versions not specified)
Debian GNU/Linux kernel-headers-2.4.18-sparc (affected versions not specified)
Debian GNU/Linux kernel-image-2.4.19-sun4u (affected versions not specified)
Description
A race condition in the page fault handler of the Linux kernel allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion. Multiple vulnerabilities in Debian GNU/Linux kernel packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations
For Linux kernel versions 2.2.x through 2.2.7, update to a version outside of this range to resolve the issue.
For Linux kernel versions 2.4 through 2.4.29, update to a version outside of this range to resolve the issue.
For Linux kernel versions 2.6 through 2.6.10, update to a version outside of this range to resolve the issue.
For Debian GNU/Linux kernel-image-2.4.19-sun4u-smp, kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-patch-benh, kernel-image-2.4.18-sun4u-smp, kernel-headers-2.4.19-sparc, kernel-headers-2.4.18-sparc, and kernel-image-2.4.19-sun4u, update to a version that is not vulnerable to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable kernel packages until a patch is available.
Fix
Related Identifiers
Affected Products
Debian
Linux Kernel
Red Hat