CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
50.9%
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file
and mmap restrictions, which allows local users to bypass IPC permissions
and replace portions of readonly tmpfs files with zeroes, aka the
MADV_REMOVE vulnerability. NOTE: this description was originally written
in a way that combined two separate issues. The mprotect issue now has a
separate name, CVE-2006-2071.