CVE-2004-0491

critical

Description

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1117

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10672

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126411

http://www.securityfocus.com/bid/13769

http://www.redhat.com/support/errata/RHSA-2005-472.html

http://secunia.com/advisories/19607

http://marc.info/?l=linux-kernel&m=108087017610947&w=2

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00087

Detections

Analytics