The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bigmem_kernel | Redhat | 2.4.20-8 (including) | 2.4.20-8 (including) |
| Kernel | Redhat | 2.4.20-8 (including) | 2.4.20-8 (including) |
| Kernel_doc | Redhat | 2.4.20-8 (including) | 2.4.20-8 (including) |
| Red Hat Enterprise Linux 3 | RedHat | kernel-0:2.4.21-9.0.1.EL | * |
| Red Hat Enterprise Linux 3 | RedHat | s390utils-2:1.2.4-3 | * |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
| Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
| Red Hat Linux 9 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
| Kernel-patch-powerpc-2.4.27 | Ubuntu | dapper | * |
| Kernel-patch-powerpc-2.4.27 | Ubuntu | edgy | * |
| Kernel-source-2.4.27 | Ubuntu | dapper | * |
| Kernel-source-2.4.27 | Ubuntu | edgy | * |
| User-mode-linux | Ubuntu | devel | * |