A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call, due to a missing check of a function's return value. This bug is completely unrelated to the mremap bug disclosed on 05.01.2004, except that it concerns the same internal kernel function code.
Proper exploitation of this vulnerability leads to local privilege escalation, giving an attacker full super-user privileges. The vulnerability may also lead to a denial-of-service attack on the available system memory.
Kernel versions tested and known to be vulnerable are all <= 2.2.25, <= 2.4.24 and <= 2.6.2. The 2.2.25 version of the Linux kernel does not recognize the MREMAP_FIXED flag, but this does not prevent the bug from being successfully exploited. All users are encouraged to patch all vulnerable systems as soon as appropriate vendor patches are released.
There is no hotfix for this vulnerability. Even with limited per-user virtual memory, do_munmap() can still fail.
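For triage across a fleet, the version ranges above can be checked against a kernel release string. This is an added example, not part of the original advisory; the function name mremap_vuln_status is hypothetical. It assumes mainline-style release strings as printed by `uname -r`, and a vendor kernel may carry a backported fix under an old version number.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the ranges the
# advisory lists as vulnerable (<= 2.2.25, <= 2.4.24, <= 2.6.2).
# Assumption: suffixes such as "-rc1" or "-smp" are ignored.
#
# mremap_vuln_status RELEASE
#   prints "vulnerable" (returns 0), "not-listed" (1) or "unknown" (2)
mremap_vuln_status() {
    rel=$1
    base=${rel%%[!0-9.]*}          # "2.4.24-rc1" -> "2.4.24"
    case $base in
        *.*) ;;
        *) echo unknown; return 2 ;;   # no major.minor to compare
    esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch= ;;
    esac
    patch=${patch:-0}              # "2.6" is treated as 2.6.0
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown; return 2
    fi
    limit=
    case "$major.$minor" in        # last listed release per series
        2.2) limit=25 ;;
        2.4) limit=24 ;;
        2.6) limit=2 ;;
    esac
    if [ -n "$limit" ]; then
        if [ "$patch" -le "$limit" ]; then
            echo vulnerable; return 0
        fi
        echo not-listed; return 1
    fi
    # Series newer than 2.6 postdate the advisory's ranges.
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -gt 6 ]; }; then
        echo not-listed; return 1
    fi
    # 2.0.x, 2.5.x and similar are not covered by the advisory's list.
    echo unknown; return 2
}
```

Call it as `mremap_vuln_status "$(uname -r)"` on each host; a "vulnerable" result on a distribution kernel should be confirmed against the vendor's changelog before acting on it.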