Описание
The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | DNE | |
| edgy | DNE | |
| feisty | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| edgy | released | 2.6.17.1-12.40 |
| feisty | DNE | |
| upstream | needs-triage |
Показывать по
4.9 Medium
CVSS2
Связанные уязвимости
The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.
The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...
The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.
4.9 Medium
CVSS2