CVE-2004-2302 - Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 a

CVE-2004-2302

Summary

Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 19-02-2017 - 05:07)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	PARTIAL

cvss-vector via4

AV:L/AC:H/Au:N/C:P/I:N/A:P

refmap via4

bid	13091
confirm	http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.10-rc1/2.6.10-rc1-mm1/broken-out/fix-race-in-sysfs_read_file-and-sysfs_write_file.patch http://linux.bkbits.net:8080/linux-2.6/cset%404186a4deVoR88JjTwMa3ZnIp-_YJsA
debian	DSA-922
mandrake	MDKSA-2005:218 MDKSA-2005:219
secunia	17826 18056
suse	SUSE-SA:2005:044

Last major update

19-02-2017 - 05:07

Published

31-12-2004 - 05:00

Last modified

19-02-2017 - 05:07