Candidate: CVE-2005-3044
References: 
 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
 Final-Decision:
 Interim-Decision:
 Modified:
 Proposed:
 Assigned: 20050922
 Category: SF
 Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.2
Description: 
 Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow loal
 users to cause a denial of service (kernel OOPS from null dereference)
 via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put
 in the 32-bit routing_ioctl function on 64-bit systems.
Notes: 
 http://lkml.org/lkml/2005/9/30/218
 horms> 2.4.27 code is vulnerable but there is no amd64 for 2.4 in Sarge
 dannf> Though, I guess its possible that someone would try to build an amd64
 dannf> kernel out of our tree, so I marked 2.4 "needed" below.  Lowest of the
 dannf> low priorities though...
 micah> there are actually two issues that are fixed in this CVE, so we
 micah> have two patches... if you look at them they look REALLY similar, but they aren't
 micah> dont be fooled
 jmm> marking 2.4 as N/A, 2.4 wasn't supported for amd64
upstream: released (2.6.13.2)
linux-2.6: released (2.6.12-7, 2.6.13-1) [lost-fput-in-32bit-ioctl-on-x86-64.patch, linux-2.6.13.2.patch]
2.6.8-sarge-security: released (2.6.8-16sarge2) [lost-fput-in-32bit-ioctl-on-x86-64.dpatch, lost-sockfd_put-in-32bit-compat-routing_ioctl.patch]
2.4.27-sarge-security: N/A
2.6.18-etch-security: N/A