The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 2.6.8.1.5 (including) | 2.6.8.1.5 (including) |