Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6417

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-6417
Last Modified 21 Aug 2010 12:00:00
Published 17 Dec 2007 07:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6417

Summary

The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.11

  • Linux Kernel 2.6.12

  • Linux Kernel 2.6.13

  • Linux Kernel 2.6.14

  • Linux Kernel 2.6.15

  • Linux Kernel 2.6.16

  • Linux Kernel 2.6.17

  • Linux Kernel 2.6.18

  • Linux Kernel 2.6.19.0

  • Linux Kernel 2.6.20

  • Linux Kernel 2.6.21

  • Linux Kernel 2.6.22

  • Linux Kernel 2.6.23


References

UBUNTU - USN-578-1

UBUNTU - USN-574-1

BID - 27694

REDHAT - RHSA-2008:0885

MANDRIVA - MDVSA-2008:112

MANDRIVA - MDVSA-2008:086

DEBIAN - DSA-1436

SECUNIA - 32023

SECUNIA - 28971

SECUNIA - 28806

SECUNIA - 28706

SECUNIA - 28141

OSVDB - 44120

MLIST - [linux-kernel] 20071215 Re: [PATCH] tmpfs: restore missing clear_highpage

MLIST - [linux-kernel] 20071212 Re: [PATCH] tmpfs: restore missing clear_highpage

MLIST - [linux-kernel] 20071128 [PATCH] tmpfs: restore missing clear_highpage

SUSE - SUSE-SA:2008:006


Last Updated: 27 May 2016 10:46:30