PT-2008-2225 · Red Hat+1 · Kernel+12

Qaaz

Published

2008-02-12

Updated

2023-02-13

CVE-2008-0600

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

The vmsplice to pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-0600

DSA-1494-1

DTSA-113-1

RHSA-2008:0129

RHSA-2008_0129

Affected Products

Kernel

Kernel-Debug

Kernel-Debug-Devel

Kernel-Devel

Kernel-Doc

Kernel-Headers

Kernel-Kdump

Kernel-Kdump-Devel

Kernel-Pae

Kernel-Pae-Devel

Kernel-Xen

Kernel-Xen-Devel

Linux Kernel

PT-2008-2225 · Red Hat+1 · Kernel+12

CVE-2008-0600

Weakness Enumeration

Related Identifiers

Affected Products

References · 44