PT-2006-5909 · Linux+1 · Linux Kernel+1

Published: 2006-10-05 · Updated: 2018-10-30 · CVE-2006-5174

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.19-rc1

Description

The issue is in the `copy_from_user` function in the uaccess code of the Linux kernel. When running on s390, this function does not properly clear a kernel buffer. A local user-space program can read portions of kernel memory by appending to a file from a bad address: the resulting fault prevents the unused part of the kernel buffer from being cleared.

Recommendations

For Linux kernel versions prior to 2.6.19-rc1, update to version 2.6.19-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive kernel memory areas to minimize the risk of exploitation.
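
The following user-space model is an added illustration of the buffer-clearing behaviour described above; it is not the kernel's s390 code. The names `struct user_src`, `raw_copy`, `copy_no_clear`, `copy_clear_tail` and `demo` are hypothetical, and the 0xAA fill is a constructed stand-in for stale kernel data.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model: a "user" source where only `mapped` bytes are readable. */
struct user_src { const unsigned char *base; size_t mapped; };

/* Copy until the simulated fault; returns bytes NOT copied (copy_from_user convention). */
static size_t raw_copy(unsigned char *dst, struct user_src src, size_t n)
{
    size_t ok = n < src.mapped ? n : src.mapped;
    memcpy(dst, src.base, ok);
    return n - ok;
}

/* Behaviour described in the advisory: the uncopied tail is left as it was. */
size_t copy_no_clear(unsigned char *dst, struct user_src src, size_t n)
{
    return raw_copy(dst, src, n);
}

/* Expected behaviour: zero the uncopied tail so no stale bytes remain. */
size_t copy_clear_tail(unsigned char *dst, struct user_src src, size_t n)
{
    size_t left = raw_copy(dst, src, n);
    if (left)
        memset(dst + (n - left), 0, left);
    return left;
}

/* Fill a 64-byte buffer with 0xAA (stand-in for stale kernel data), copy
 * from a source that faults after 16 bytes, return stale bytes remaining. */
size_t demo(int clear_tail)
{
    static const unsigned char user_data[16] = "constructed-in";
    struct user_src src = { user_data, sizeof user_data };
    unsigned char kbuf[64];
    size_t stale = 0;
    memset(kbuf, 0xAA, sizeof kbuf);
    if (clear_tail) copy_clear_tail(kbuf, src, sizeof kbuf);
    else            copy_no_clear(kbuf, src, sizeof kbuf);
    for (size_t i = 0; i < sizeof kbuf; i++)
        stale += (kbuf[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("stale bytes: no clear %zu, clear tail %zu\n", demo(0), demo(1));
    return 0;
}
```

A caller that checks the return value and discards the buffer on a nonzero result is protected in either case; clearing the tail covers callers that go on to use the buffer.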

Fix


Related Identifiers

CVE-2006-5174
DSA-1233
DSA-1237
RHSA-2006:0710
RHSA-2007:0014
RHSA-2007_0014

Affected Products

Linux Kernel
Red Hat