CVE-2007-6716
First published: Thu Sep 04 2008(Updated: )
Description of problem: To avoid exposing ourselves to the risk of finding another field like .map_bh.b_state where we rely on zeroing but don't enforce it in the code. The fix uses kzalloc to zero all the struct dio rather than manually trying to track which fields we rely on being zero. Reference: <a href="http://lkml.org/lkml/2007/7/26/88">http://lkml.org/lkml/2007/7/26/88</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <2.6.23 | |
| Canonical Ubuntu Linux | =7.10 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =6.06 | |
| Debian Debian Linux | =4.0 | |
| Novell Linux Desktop | =9 | |
| openSUSE openSUSE | =10.3 | |
| SUSE SUSE Linux Enterprise Server | =10-sp2 | |
| SUSE SUSE Linux Enterprise Desktop | =10-sp2 | |
| SUSE SUSE Linux Enterprise Server | =10-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lkml.org/lkml/2007/7/30/448
- http://www.openwall.com/lists/oss-security/2008/09/04/1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=848c4dd5153c7a0de55470ce99a8e13a63b4703f
- https://bugzilla.redhat.com/show_bug.cgi?id=461082
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23
- http://www.redhat.com/support/errata/RHSA-2008-0885.html
- http://secunia.com/advisories/32023
- http://www.ubuntu.com/usn/usn-659-1
- http://secunia.com/advisories/32393
- http://secunia.com/advisories/32799
- http://rhn.redhat.com/errata/RHSA-2008-0972.html
- http://secunia.com/advisories/32759
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
- http://secunia.com/advisories/32103
- http://secunia.com/advisories/32237
- http://www.securityfocus.com/bid/31515
- http://www.debian.org/security/2008/dsa-1653
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
- http://secunia.com/advisories/32356
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
- http://secunia.com/advisories/32370
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10053
- http://lkml.org/lkml/2007/7/26/88
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=315715&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=315715&action=edit
- http://freshmeat.net/projects/fio/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=315718
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=315718&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2
- https://bugzilla.redhat.com/attachment.cgi?id=315718
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=848c4dd5153c7a0de55470ce99a8e13a63b4703f
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-6716
- vendor/linux
- canonical/linux linux kernel
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/7.10
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/6.06
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/4.0
- vendor/novell
- canonical/novell linux desktop
- version/novell linux desktop/9
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/10.3
- vendor/suse
- canonical/suse suse linux enterprise server
- version/suse suse linux enterprise server/10-sp2
- canonical/suse suse linux enterprise desktop
- version/suse suse linux enterprise desktop/10-sp2
- version/suse suse linux enterprise server/10-sp1