PT-2008-6967 · Opensuse+1
Eugene Teo · Published 1970-01-01 · Updated 2017-08-08 · CVE-2008-3911
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
openSUSE kernel-rt debug (affected versions not specified)
openSUSE kernel-rt (affected versions not specified)
Linux kernel version 2.6.26.3
Description
The issue involves multiple vulnerabilities in the kernel-rt and kernel-rt debug packages of the openSUSE operating system, which can be exploited remotely to compromise the availability of protected information. A specific vulnerability in the Linux kernel 2.6.26.3 is in the proc_do_xprt function in net/sunrpc/sysctl.c, which fails to check the length of a certain buffer obtained from userspace. This allows local users to overflow a stack-based buffer via a crafted read system call on the /proc/sys/sunrpc/transports file.
Recommendations
For openSUSE kernel-rt debug, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For openSUSE kernel-rt, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Linux kernel version 2.6.26.3, consider restricting access to the proc_do_xprt function in net/sunrpc/sysctl.c as a temporary workaround until a patch is available. Avoid using the /proc/sys/sunrpc/transports file in the affected API endpoint until the issue is resolved.
Exploit
Buffer Overflow
Related Identifiers
Affected Products
Linux Kernel
Opensuse