oss-sec mailing list archives

CVE-2014-4508


From: John Haxby <john.haxby () oracle com>
Date: Thu, 12 Nov 2020 18:10:46 +0000

Hello,

This is an old CVE but it was recently "rediscovered" [1].

CVE-2014-4508 is a memory leak in the auditing subsystem in the kernel.  On old 32-bit Linux kernels that don't have 
[2] this memory leak turns out to be quite bad: you can trigger an out of memory condition that the system cannot 
recover from no matter how hard it tries.

If you believe you have such a kernel, please get in touch with me directly.

jch




[1] Thanks to Dan Moulding for bringing this to our attention
[2] 554086d85e71 ("x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)")

Attachment: signature.asc
Description: Message signed with OpenPGP

