Note:
This project will be discontinued after December 13, 2021. [more]
2018-03-31
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.
Products | Linux_kernel |
Type | Integer Overflow or Wraparound (CWE-190) |
First patch |
https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d |
Relevant file/s | ./kernel/events/core.c (modified, +1, -1) |
Links |
• https://usn.ubuntu.com/3696-1/
• https://usn.ubuntu.com/3696-2/ • https://usn.ubuntu.com/3754-1/ • http://www.securityfocus.com/bid/103607 • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: