PT-2004-3717 · Linux · Linux Kernel
Published: 1970-01-01 · Updated: 2010-04-02 · CVE-2004-2607
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.4 up to 2.4.29-rc1
Linux kernel versions 2.6.x up to 2.6.5
Description
The issue is a numeric casting discrepancy in the sdla_xfer function of the Linux kernel, which allows local users to read portions of kernel memory via a large len argument. This can lead to a violation of protected information accessibility. The vulnerability can be exploited remotely.
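A user-space model of the bug class described above, added here as an illustration and not the kernel's own code: a length held as an int is narrowed to a short before a read loop, so the loop does not fill the buffer that is then returned in full. The narrowing to short, the names dev_read, xfer_vulnerable and xfer_checked, and the STALE filler byte are assumptions of this example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA /* constructed stand-in for leftover heap contents */

/* Hypothetical device reader whose length parameter is only 16 bits wide. */
static void dev_read(char *dst, short len)
{
    for (int i = 0; i < len; i++) /* never runs when len <= 0 */
        dst[i] = 'D';
}

/* Vulnerable shape: allocate and return `len` bytes, but fill only
 * (short)len of them. Returns how many stale bytes reach the caller. */
static int xfer_vulnerable(int len)
{
    if (len <= 0)
        return -1;
    char *tmp = malloc((size_t)len);
    if (!tmp)
        return -1;
    memset(tmp, STALE, (size_t)len); /* model an uninitialised buffer */
    dev_read(tmp, (short)len);       /* int silently narrowed to short */
    int leaked = 0;
    for (int i = 0; i < len; i++)    /* model copying len bytes back out */
        leaked += ((unsigned char)tmp[i] == STALE);
    free(tmp);
    return leaked;
}

/* Hardened shape: refuse any length the 16-bit reader cannot represent. */
static int xfer_checked(int len)
{
    if (len <= 0 || len > SHRT_MAX)
        return -1;
    return xfer_vulnerable(len);
}

int main(void)
{
    printf("len=100   vulnerable leaks %d\n", xfer_vulnerable(100));
    printf("len=65552 vulnerable leaks %d\n", xfer_vulnerable(65552));
    printf("len=65552 checked returns  %d\n", xfer_checked(65552));
    return 0;
}
```

In kernel code the same effect is usually achieved by validating the length once at the boundary and by zero-initialising buffers that are copied back to the caller.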
Recommendations
For Linux kernel versions 2.4 up to 2.4.29-rc1: update to a version later than 2.4.29-rc1 to resolve the issue.
For Linux kernel versions 2.6.x up to 2.6.5: update to a version later than 2.6.5 to resolve the issue.
As a temporary workaround, consider restricting access to the sdla_xfer function until a patch is available.
Affected Products
Linux Kernel