CVE-2005-0001

MEDIUM

Description

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

References

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930

http://isec.pl/vulnerabilities/isec-0022-pagefault.txt

http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html

http://marc.info/?l=bugtraq&m=110554694522719&w=2

http://marc.info/?l=bugtraq&m=110581146702951&w=2

http://secunia.com/advisories/13822

http://secunia.com/advisories/20163

http://secunia.com/advisories/20202

http://secunia.com/advisories/20338

http://securitytracker.com/id?1012862

http://www.debian.org/security/2006/dsa-1067

http://www.debian.org/security/2006/dsa-1069

http://www.debian.org/security/2006/dsa-1070

http://www.debian.org/security/2006/dsa-1082

http://www.mandriva.com/security/advisories?name=MDKSA-2005:022

http://www.redhat.com/support/errata/RHSA-2005-016.html

http://www.redhat.com/support/errata/RHSA-2005-017.html

http://www.redhat.com/support/errata/RHSA-2005-043.html

http://www.redhat.com/support/errata/RHSA-2005-092.html

http://www.securityfocus.com/bid/12244

http://www.trustix.org/errata/2005/0001/

https://bugzilla.fedora.us/show_bug.cgi?id=2336

https://exchange.xforce.ibmcloud.com/vulnerabilities/18849

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322

Details

Source: MITRE

Published: 2005-05-02

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM