** Description changed: - A use-after-free flaw has been found in madvise_remove() function in the - Linux kernel. madvise_remove() can race with munmap (causing a use- - after-free of the vma) or with close (causing a use-after-free of the - struct file). An unprivileged local user can use this flaw to crash the - system. + Multiple race conditions in the madvise_remove function in mm/madvise.c + in the Linux kernel before 3.4.5 allow local users to cause a denial of + service (use-after-free and system crash) via vectors involving a (1) + munmap or (2) close system call. Break-Fix: 90ed52ebe48181d3c5427b3bd1d24f659e7575ad 9ab4233dd08036fe34a89c7dc6f47a8bf2eb29eb
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1042447 Title: CVE-2012-3511 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1042447/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
