linux_kernel_cves icon indicating copy to clipboard operation
linux_kernel_cves copied to clipboard
verified publisher icon nluedtke

[DATA] CVE-2005-3660

Open nluedtke opened this issue 9 years ago • 2 comments

Quick research yielded no known fix for this issue. It is unclear if this CVE was fixed via patch or if it was left to be handled by other mitigations.

nluedtke avatar Mar 08 '17 15:03 nluedtke

It looks like this bug was unofficially marked as won't fix. While it may be vendor specific, the Debian Security Advisory noted it was a design limitation:

Design limitation, for rare corner cases, where this poses a problem advanced resource management systems can be deployed

Link here: https://security-tracker.debian.org/tracker/CVE-2005-3660

avelardi avatar Mar 29 '17 16:03 avelardi

Yeah, Debian's kernel security repo has it under ignored. with the comment:

dannf> The fix suggested by idefense includes adding a struct user reference dannf> to struct file. No such thing has gone upstream yet, however.

There are few of these cases where for the earlier vulnerabilities, they were essentially marked as "won't fix" or "working as intended". I am not sure how we want to mark these for the upstream kernel yet.

nluedtke avatar Mar 29 '17 16:03 nluedtke