Code injection

2008-05-2916:32:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.

CPENameOperatorVersion
debian_linuxeq4.0 sparc
linux_kerneleq2.6.20.9
linux_kerneleq2.6.11
linux_kerneleq2.6.23.4
linux_kerneleq2.6.22.15
linux_kerneleq2.6.17.12
linux_kerneleq2.6.21
linux_kerneleq2.6.12.12
linux_kerneleq2.6.5
linux_kerneleq2.6.15.3

Name	Operator	Version
debian_linux	eq	4.0 sparc
linux_kernel	eq	2.6.20.9
linux_kernel	eq	2.6.11
linux_kernel	eq	2.6.23.4
linux_kernel	eq	2.6.22.15
linux_kernel	eq	2.6.17.12
linux_kernel	eq	2.6.21
linux_kernel	eq	2.6.12.12
linux_kernel	eq	2.6.5
linux_kernel	eq	2.6.15.3