CVE-2004-0491 Information

Description

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process which allows local users to mlock more memory than specified by the rlimit.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U http://marc.info/?l=linux-kernel&m=108087017610947&w=2 http://secunia.com/advisories/19607 http://www.redhat.com/support/errata/RHSA-2005-472.html http://www.securityfocus.com/bid/13769 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10672 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1117