| ID |
CVE-2007-6417
|
| Summary |
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*
-
cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.2 (as of 30-10-2018 - 16:25) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2013-04-29T04:17:59.667-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | | oval | oval:org.mitre.oval:def:11414 |
| comment | The operating system installed on the system is CentOS Linux 5.x | | oval | oval:org.mitre.oval:def:15802 |
| comment | Oracle Linux 5.x | | oval | oval:org.mitre.oval:def:15459 |
| | description | The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | | family | unix | | id | oval:org.mitre.oval:def:8920 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | | version | 18 |
|
| redhat
via4
|
| advisories | | | rpms | - kernel-0:2.6.18-92.1.13.el5
- kernel-PAE-0:2.6.18-92.1.13.el5
- kernel-PAE-debuginfo-0:2.6.18-92.1.13.el5
- kernel-PAE-devel-0:2.6.18-92.1.13.el5
- kernel-debug-0:2.6.18-92.1.13.el5
- kernel-debug-debuginfo-0:2.6.18-92.1.13.el5
- kernel-debug-devel-0:2.6.18-92.1.13.el5
- kernel-debuginfo-0:2.6.18-92.1.13.el5
- kernel-debuginfo-common-0:2.6.18-92.1.13.el5
- kernel-devel-0:2.6.18-92.1.13.el5
- kernel-doc-0:2.6.18-92.1.13.el5
- kernel-headers-0:2.6.18-92.1.13.el5
- kernel-kdump-0:2.6.18-92.1.13.el5
- kernel-kdump-debuginfo-0:2.6.18-92.1.13.el5
- kernel-kdump-devel-0:2.6.18-92.1.13.el5
- kernel-xen-0:2.6.18-92.1.13.el5
- kernel-xen-debuginfo-0:2.6.18-92.1.13.el5
- kernel-xen-devel-0:2.6.18-92.1.13.el5
|
|
| refmap
via4
|
| bid | 27694 | | debian | DSA-1436 | | mandriva | - MDVSA-2008:086
- MDVSA-2008:112
| | mlist | - [linux-kernel] 20071128 [PATCH] tmpfs: restore missing clear_highpage
- [linux-kernel] 20071212 Re: [PATCH] tmpfs: restore missing clear_highpage
- [linux-kernel] 20071215 Re: [PATCH] tmpfs: restore missing clear_highpage
| | osvdb | 44120 | | secunia | - 28141
- 28706
- 28806
- 28971
- 32023
| | suse | SUSE-SA:2008:006 | | ubuntu | |
|
| statements
via4
|
| contributor | Tomas Hoger | | lastmodified | 2009-01-15 | | organization | Red Hat | | statement | This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0885.html |
|
| Last major update |
30-10-2018 - 16:25 |
| Published |
18-12-2007 - 00:46 |
| Last modified |
30-10-2018 - 16:25 |
