Secunia

Some vulnerabilities have been reported in the Linux kernel. One has an unknown impact, the rest can be exploited by malicious, local users, or by malicious people, to cause a DoS (Denial of Service).

1) A boundary error exists in the ROSE "rose_rt_ioctl()" function due to missing verification of the ndigis argument of new routes. This can be exploited to crash the kernel by calling the function with a large ngidis argument.

2) Any user with permissions to access a SCSI tape device can send some commands, which may cause it to become unusable for other users.

3) A race condition in ebtables netfilter module (ebtables.c) when running on an SMP system operating under a heavy load, may be exploited to cause a DoS (kernel panic) via a series of packets.

4) An error in the maintaining of cache coherency in "mprotect.c" on Itanium IA64 processors can be exploited by local users to cause a DoS and possibly corrupt data by modifying PTE protections.

5) Certain debugging code that is present in the "choose_new_parent()" function in "kernel/exit.c" can be exploited by local users to cause a DoS.

Solution
Vulnerabilities #1, #2 and #3 have been fixed in version 2.6.12-rc1.
Further details available in Customer Area

Provided and/or discovered by
3) Steve Herrell

Changelog
Further details available in Customer Area

Original Advisory
Kernel.org:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc2
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc4
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git;a=commit;h=c06fec5022ebe014af876da2df4a0eee836e97c8

Deep Links
Links available in Customer Area