CVE-2008-3535

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.27-rc2 linux-headers-2.6.24-etchnhalf.1-r5k-ip32 (affected versions not specified) linux-headers-2.6.24-etchnhalf.1-all-mips (affected versions not specified) linux-headers-2.6.24-etchnhalf.1-r4k-ip22 (affected versions not specified) linux-image-2.6.24-etchnhalf.1-r5k-ip32 (affected versions not specified) linux-image-2.6.24-etchnhalf.1-r4k-ip22 (affected versions not specified)

Description The issue is caused by an off-by-one error in the iov iter advance function in mm/filemap.c in the Linux kernel. This can lead to a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev. Additionally, multiple vulnerabilities in Debian GNU/Linux packages may allow remote exploitation, leading to a breach of confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions prior to 2.6.27-rc2: Update to version 2.6.27-rc2 or later to resolve the issue. For linux-headers-2.6.24-etchnhalf.1-r5k-ip32, linux-headers-2.6.24-etchnhalf.1-all-mips, linux-headers-2.6.24-etchnhalf.1-r4k-ip22, linux-image-2.6.24-etchnhalf.1-r5k-ip32, and linux-image-2.6.24-etchnhalf.1-r4k-ip22: At the moment, there is no information about a newer version that contains a fix for this vulnerability.