The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 4.0 | 4.0.x |
linux / linux_kernel | - | 2.6.26.1 |
canonical / ubuntu_linux | 6.06 | 6.06.x |
canonical / ubuntu_linux | 7.10 | 7.10.x |
canonical / ubuntu_linux | 8.04 | 8.04.x |