CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
42.6%
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | 2.6.0 | cpe:/o:linux:linux_kernel:2.6.0:test4:: |
linux | linux_kernel | 2.6.0 | cpe:/o:linux:linux_kernel:2.6.0:test3:: |
linux | linux_kernel | 2.6.8 | cpe:/o:linux:linux_kernel:2.6.8::: |
linux | linux_kernel | 2.6.0 | cpe:/o:linux:linux_kernel:2.6.0:test2:: |
linux | linux_kernel | 2.6+test9+cvs | cpe:/o:linux:linux_kernel:2.6+test9+cvs::: |
linux | linux_kernel | 2.6.0 | cpe:/o:linux:linux_kernel:2.6.0:test6:: |
linux | linux_kernel | 2.6.1 | cpe:/o:linux:linux_kernel:2.6.1::: |
linux | linux_kernel | 2.6.0 | cpe:/o:linux:linux_kernel:2.6.0:test1:: |
linux | linux_kernel | 2.6.8 | cpe:/o:linux:linux_kernel:2.6.8:rc2:: |
linux | linux_kernel | 2.6.3 | cpe:/o:linux:linux_kernel:2.6.3::: |
archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
marc.info/?l=linux-kernel&m=111630512512222
www.redhat.com/support/errata/RHSA-2005-420.html
www.securityfocus.com/archive/1/427980/100/0/threaded
www.securityfocus.com/bid/13651
www.vupen.com/english/advisories/2005/0557
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10264