Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-2372

Publication date 2 July 2008

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."

From the Ubuntu Security Team

It was discovered that the disabling of the ZERO_PAGE optimization could lead to large memory consumption. A local attacker could exploit this to allocate all available memory, leading to a denial of service.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 8.04 LTS hardy
Fixed 2.6.24-21.43
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
linux-source-2.6.15 8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper
Not affected
linux-source-2.6.20 8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty
Not affected
6.06 LTS dapper Not in release
linux-source-2.6.22 8.04 LTS hardy Not in release
7.10 gutsy
Not affected
7.04 feisty Not in release
6.06 LTS dapper Not in release

Notes

kees

is this even security-relevant? linux-2.6: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f and also: 672ca28e300c17bf8d792a2a7a8631193e580c74 (vmware breakage) this is being fixed via -proposed -20 abi (which will likely be -22 in the end)

References

Related Ubuntu Security Notices (USN)

    • USN-659-1
    • Linux kernel vulnerabilities
    • 27 October 2008

Other references