CVE-2007-4133MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.
References
http://secunia.com/advisories/26994
http://secunia.com/advisories/27322
http://secunia.com/advisories/28170
http://secunia.com/advisories/28971
http://secunia.com/advisories/29058
http://www.debian.org/security/2007/dsa-1381
http://www.debian.org/security/2008/dsa-1504
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.19-rc4
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
http://www.redhat.com/support/errata/RHSA-2007-0940.html
http://www.securityfocus.com/bid/25904
http://www.ubuntu.com/usn/usn-558-1
http://www.ubuntu.com/usn/usn-578-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/36925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10451
Details
Source: MITRE
Published: 2007-10-04
Updated: 2017-09-29
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 4.7
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.4
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:*:rc3:*:*:*:*:*:* versions up to 2.6.19 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 67581 | Oracle Linux 5 : kernel (ELSA-2007-0940) | Nessus | Oracle Linux Local Security Checks | medium |
| 60272 | Scientific Linux Security Update : kernel on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 43654 | CentOS 5 : kernel (CESA-2007:0940) | Nessus | CentOS Local Security Checks | medium |
| 37772 | Mandriva Linux Security Advisory : kernel (MDVSA-2008:105) | Nessus | Mandriva Local Security Checks | high |
| 31148 | Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 31093 | Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-578-1) | Nessus | Ubuntu Local Security Checks | high |
| 29740 | Ubuntu 6.10 / 7.04 / 7.10 : linux-source-2.6.17/20/22 vulnerabilities (USN-558-1) | Nessus | Ubuntu Local Security Checks | high |
| 27565 | RHEL 5 : kernel (RHSA-2007:0940) | Nessus | Red Hat Local Security Checks | medium |
| 26211 | Debian DSA-1381-2 : linux-2.6 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 801440 | CentOS RHSA-2007-0940 Security Check | Log Correlation Engine | Generic | high |