CVE-2007-3850

LOW
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=721151d004dcf01a71b12bb6b893f9160284cf6e

http://osvdb.org/45488

http://rhn.redhat.com/errata/RHSA-2007-0940.html

http://secunia.com/advisories/27322

http://www.securityfocus.com/bid/26161

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10793

Details

Source: MITRE

Published: 2007-10-23

Updated: 2017-09-29

Type: CWE-200

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

Tenable Plugins

View all (5 total)

IDNameProductFamilySeverity
67581Oracle Linux 5 : kernel (ELSA-2007-0940)NessusOracle Linux Local Security Checks
medium
60272Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
43654CentOS 5 : kernel (CESA-2007:0940)NessusCentOS Local Security Checks
medium
27565RHEL 5 : kernel (RHSA-2007:0940)NessusRed Hat Local Security Checks
medium
801440CentOS RHSA-2007-0940 Security CheckLog Correlation EngineGeneric
high