DSA-1494 linux-2.6 -- missing access checks
ID: oval:org.mitre.oval:def:7882 | Date: (C)2009-12-15 (M)2023-02-20
Class: PATCH | Family: unix
The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0010, CVE-2008-0600). In the vserver-enabled kernels, a missing access check on certain symlinks in /proc enabled local attackers to access resources in other vservers (CVE-2008-0163). The old stable distribution (sarge) is not affected by this problem.