// For flags

CVE-2008-0007

kernel: insufficient range checks in fault handlers with mremap

Severity Score

7.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.

Núcleo de Linux versiones anteriores a 2.6.22.17, cuando se usan ciertos controladores que registran un error en el manejador, que no realiza comprobaciones de rango, permite a usuarios locales acceder a la memoria del núcleo a través de un desplazamiento fuera de rango.

Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-12-03 CVE Reserved
  • 2008-02-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (39)
URL Tag Source
http://lists.vmware.com/pipermail/security-announce/2008/000023.html Mailing List
http://secunia.com/advisories/28806 Third Party Advisory
http://secunia.com/advisories/28826 Third Party Advisory
http://secunia.com/advisories/29058 Third Party Advisory
http://secunia.com/advisories/29570 Third Party Advisory
http://secunia.com/advisories/30018 Third Party Advisory
http://secunia.com/advisories/30110 Third Party Advisory
http://secunia.com/advisories/30112 Third Party Advisory
http://secunia.com/advisories/30116 Third Party Advisory
http://secunia.com/advisories/30769 Third Party Advisory
http://secunia.com/advisories/31246 Third Party Advisory
http://secunia.com/advisories/33280 Third Party Advisory
http://securitytracker.com/id?1019357 Vdb Entry
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048 X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 X_refsource_confirm
http://www.securityfocus.com/archive/1/487808/100/0/threaded Mailing List
http://www.securityfocus.com/bid/27686 Vdb Entry
http://www.securityfocus.com/bid/27705 Vdb Entry
http://www.vupen.com/english/advisories/2008/0445/references Vdb Entry
http://www.vupen.com/english/advisories/2008/2222/references Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9412 Signature
URL Date SRC
http://lkml.org/lkml/2008/2/6/457 2024-08-07
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.17 2024-08-07
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html 2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html 2018-10-15
http://www.debian.org/security/2008/dsa-1503 2018-10-15
http://www.debian.org/security/2008/dsa-1504 2018-10-15
http://www.debian.org/security/2008/dsa-1565 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:072 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112 2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0211.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0233.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0237.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0787.html 2018-10-15
http://www.ubuntu.com/usn/usn-618-1 2018-10-15
https://access.redhat.com/security/cve/CVE-2008-0007 2009-01-08
https://bugzilla.redhat.com/show_bug.cgi?id=428961 2009-01-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 2.6.22.16
Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.22.16"
-
Affected