CVE-2008-3534medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
References
http://lkml.org/lkml/2008/7/26/71
http://secunia.com/advisories/31881
http://secunia.com/advisories/32190
http://secunia.com/advisories/32393
http://www.debian.org/security/2008/dsa-1636
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1
http://www.redhat.com/support/errata/RHSA-2008-0857.html
http://www.securityfocus.com/bid/31134
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 36681 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/22 vulnerabilities (USN-659-1) | Nessus | Ubuntu Local Security Checks | high |
| 34171 | Debian DSA-1636-1 : linux-2.6.24 - denial of service/information leak | Nessus | Debian Local Security Checks | high |