|Description||The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 22.214.171.124, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-1787-1, DSA-1794-1, DSA-1800-1|
|NVD severity||medium (attack range: local)|
The information below is based on the following data on fixed versions.
All Debian kernels set CONFIG_SHMEM, so this is moot except
for locally modified configs and even for that I fail to
see why anyone would run a kernel w/o CONFIG_SHMEM?