Thanks for this report! As it turns out, this CVE should not have been
assigned. This isn't actually a vulnerability, and is just a bug in the
kernel. There is no way for unprivileged users (or really even the root
user) to add new clocksources.
** Changed in: linux-source-2.6.22 (Ubuntu)
Assignee: (unassigned) => Kees Cook (keescook)
Status: New => Invalid
--
[CVE-2007-5908] Buffer overflow in the (1) sysfs_show_available_clocksources
and (2) sysfs_show_current_clocksources
https://bugs.launchpad.net/bugs/162637
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
