CVE-2008-0009

Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.6.22 through 2.6.24

Description The issue is related to the vmsplice to user function in fs/splice.c, which does not properly validate a certain userspace pointer before dereference. This could potentially allow local users to access arbitrary kernel memory locations.

Recommendations For Linux kernel versions 2.6.22 through 2.6.24, consider applying a patch that fixes the vmsplice to user function to properly validate userspace pointers before dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.