Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
Software | From | Fixed in |
---|---|---|
linux / linux_kernel | 2.6.0 | 2.6.0.x |
linux / linux_kernel | 2.6.1 | 2.6.1.x |
linux / linux_kernel | 2.6.10 | 2.6.10.x |
linux / linux_kernel | 2.6.11 | 2.6.11.x |
linux / linux_kernel | 2.6.2 | 2.6.2.x |
linux / linux_kernel | 2.6.3 | 2.6.3.x |
linux / linux_kernel | 2.6.4 | 2.6.4.x |
linux / linux_kernel | 2.6.5 | 2.6.5.x |
linux / linux_kernel | 2.6.6 | 2.6.6.x |
linux / linux_kernel | 2.6.7 | 2.6.7.x |
linux / linux_kernel | 2.6.8 | 2.6.8.x |
linux / linux_kernel | 2.6.9-2.6.20 | 2.6.9-2.6.20.x |
redhat / enterprise_linux | 4.0 | 4.0.x |
redhat / enterprise_linux_desktop | 4.0 | 4.0.x |
conectiva / linux | 10.0 | 10.0.x |
redhat / fedora_core | core_2.0 | core_2.0.x |
redhat / fedora_core | core_3.0 | core_3.0.x |