Metric | Value |
---|---|
CVSS2 Score | 7.2 High |
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS Percentile | 10.1% |

Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the
Linux kernel before 2.6.23.10 allows local users to execute arbitrary code
or cause a denial of service (panic) via a large relative timeout value.
NOTE: some of these details are obtained from third party information.
Author | Note |
---|---|
jdstrand | local DoS with speculation of arbitrary code execution (but it’s not confirmed), so setting to medium for now. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.10 | noarch | linux-source-2.6.17 | < 2.6.17.1-12.43 | UNKNOWN |
ubuntu | 7.04 | noarch | linux-source-2.6.20 | < 2.6.20-16.34 | UNKNOWN |
ubuntu | 7.10 | noarch | linux-source-2.6.22 | < 2.6.22-14.51 | UNKNOWN |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=62f0f61e6673e67151a7c8c0f9a09c7ea43fe2b5;hp=f194d132e4971111f85c18c96067acffb13cee6d
launchpad.net/bugs/cve/CVE-2007-5966
nvd.nist.gov/vuln/detail/CVE-2007-5966
security-tracker.debian.org/tracker/CVE-2007-5966
ubuntu.com/security/notices/USN-574-1
www.cve.org/CVERecord?id=CVE-2007-5966