Debian Security Advisory

DSA-1588-1 linux-2.6 -- denial of service

Date Reported:
27 May 2008
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-6712, CVE-2008-1615, CVE-2008-2136, CVE-2008-2137.
More information:

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-6712

    Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop.

  • CVE-2008-1615

    Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash.

  • CVE-2008-2136

    Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition.

  • CVE-2008-2137

    David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch5.

Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at the time of this advisory. This advisory will be updated as these builds become available.

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:
HP Precision:
Intel IA-32:
Intel IA-64:
Big-endian MIPS:
Little-endian MIPS:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.