CVE-2008-2372

NameCVE-2008-2372
DescriptionThe Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linux-2.6sourceetch(not affected)
linux-2.6source(unstable)2.6.26-1
linux-2.6.24source(unstable)2.6.24-6~etchnhalf.4

Notes

[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
IMO this is a lack of optimisation, not a security issue? - jmm
89f5b7da2a6bad2e84670422ab8192382a5aeb9f
Search for package or bug name: Reporting problems