Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-0009

Publication date 12 February 2008

Last updated 24 July 2024

Ubuntu priority

High

Why this priority?

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
linux-source-2.6.15 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper
Not affected
linux-source-2.6.17 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy
Not affected
6.06 LTS dapper Not in release
linux-source-2.6.20 7.10 gutsy Not in release
7.04 feisty
Not affected
6.10 edgy Not in release
6.06 LTS dapper Not in release
linux-source-2.6.22 7.10 gutsy
Not affected
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release

Notes

jdstrand

dapper-gutsy not affected. Only 2.6.23 - 2.6.24. See: http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt local root exploit on hardy (exploit code doesn't exist yet) amitk will upload 2.6.24.2 for hardy soon