The execve function in the Linux kernel, possibly 2.6.30-rc6 and previous versions, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
Vulnerable Product |
---|
linux linux kernel |
linux linux kernel 2.6.30 |
novell linux desktop 9 |
opensuse opensuse 11.0 |
suse linux enterprise desktop 10 |
suse linux enterprise server 9 |
suse linux enterprise server 10 |
fedoraproject fedora 11 |
canonical ubuntu linux 6.06 |
canonical ubuntu linux 8.04 |
canonical ubuntu linux 8.10 |
canonical ubuntu linux 9.04 |
redhat enterprise linux desktop 3.0 |
redhat enterprise linux desktop 5.0 |
redhat enterprise linux server 3.0 |
redhat enterprise linux server 5.0 |
redhat enterprise linux workstation 3.0 |
redhat enterprise linux workstation 5.0 |
vmware esx 4.0 |
vmware vma 4.0 |