PT-2006-1523 · Linux+1 · Linux Kernel+1

Published: 2006-03-14 · Updated: 2018-10-03 · CVE-2006-0457

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel version 2.6.x

Description

A race condition exists in the Linux kernel's add_key, request_key, and keyctl functions that allows local users to cause a denial of service (crash) or read sensitive kernel memory. The issue arises when the length of a string argument is modified between the time the kernel calculates the length and the time it copies the data into kernel memory.

Recommendations

For Linux kernel version 2.6.x, consider applying a patch that fixes the race condition in the add_key, request_key, and keyctl functions to prevent potential denial of service or sensitive kernel memory exposure.
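
The measure-then-copy race from the description, modelled in user space as an added example (not kernel code and not taken from this advisory or its patch): `copy_double_fetch` reads the caller's buffer twice, while `copy_single_fetch` takes one bounded snapshot and validates only its private copy. `MAX_DESC`, the `race_hook` callback standing in for a concurrent thread, and all function names are assumptions of this model.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_DESC 32                      /* assumed bound on the string argument */
typedef void (*race_hook)(char *);       /* hypothetical: a second thread editing the buffer */
struct kstr { char *buf; size_t size; }; /* private ("kernel") copy and its allocated size */

/* Length of s up to max bytes; returns max when no terminator is found. */
static size_t bounded_len(const char *s, size_t max) {
    const char *p = memchr(s, '\0', max);
    return p ? (size_t)(p - s) : max;
}

/* Constructed racer: replaces the short string with a longer one. */
void grow_string(char *user) { memset(user, 'B', MAX_DESC); user[MAX_DESC] = '\0'; }

/* Vulnerable shape: fetch 1 measures, fetch 2 copies what was measured. */
struct kstr copy_double_fetch(char *user, race_hook racer) {
    struct kstr k = { NULL, 0 };
    size_t len = bounded_len(user, MAX_DESC);  /* fetch 1: length at this instant */
    k.buf = malloc(len + 1);
    if (!k.buf) return k;
    k.size = len + 1;
    if (racer) racer(user);                    /* window between the two fetches */
    memcpy(k.buf, user, k.size);               /* fetch 2: NUL may no longer be at [len] */
    return k;
}

/* Hardened shape: one bounded fetch, then every check runs on the private copy.
 * The caller buffer must hold MAX_DESC + 1 bytes in this model. */
struct kstr copy_single_fetch(char *user, race_hook racer) {
    struct kstr k = { NULL, 0 };
    char snap[MAX_DESC + 1];
    memcpy(snap, user, sizeof(snap));          /* the only read of caller memory */
    if (racer) racer(user);                    /* later edits cannot reach snap */
    size_t len = bounded_len(snap, sizeof(snap));
    if (len == sizeof(snap)) return k;         /* no terminator within bounds: reject */
    k.buf = malloc(len + 1);
    if (!k.buf) return k;
    memcpy(k.buf, snap, len + 1);
    k.size = len + 1;
    return k;
}

/* Bounded check; strlen() on an unterminated copy would read past the allocation. */
int is_terminated(struct kstr k) { return k.buf && memchr(k.buf, '\0', k.size) != NULL; }
```

In the double-fetch result the private copy has no terminator inside its allocation, which is the state in which later string handling over-reads adjacent memory or crashes.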

Fix


Related Identifiers

CVE-2006-0457
RHSA-2006:0575
RHSA-2006_0575

Affected Products

Linux Kernel
Red Hat