CVE-2005-0001

Current Description

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

Basic Data

Published: May 02, 2005
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 6.9
Severity: MEDIUM
Exploitability Score: 3.4
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
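    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Linux | Linux Kernel | 2.2.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.9 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.10 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.11 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.12 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.13 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.14 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.15 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.16 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.17 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.18 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.19 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.20 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.21 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.22 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.23 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.24 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.25 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.26 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.27 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.28 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.4.29 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.3 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.4 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.5 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.6 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.7 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.8 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.9 | 2.6.20 | * | * | * | * | * | * | | | |
    2.3 | OS | Linux | Linux Kernel | 2.6.10 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | advanced_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | enterprise_server | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux | 4.0 | * | workstation | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Redhat | Enterprise Linux Desktop | 4.0 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 2 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Trustix | Secure Linux | 2.2 | * | * | * | * | * | * | * | | | |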

Vulnerable Software List

Vendor | Product | Versions
Redhat | Enterprise Linux | 3.0, 4.0
Redhat | Enterprise Linux Desktop | 3.0, 4.0
Linux | Linux Kernel | 2.2.7, 2.4.0, 2.4.1, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.2, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.6.0, 2.6.1, 2.6.10, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9
Trustix | Secure Linux | 2, 2.1, 2.2

References

Name | Source | URL | Tags
CLA-2005:930 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 |
http://isec.pl/vulnerabilities/isec-0022-pagefault.txt | MISC | http://isec.pl/vulnerabilities/isec-0022-pagefault.txt |
20050112 Linux kernel i386 SMP page fault handler privilege escalation | FULLDISC | http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html |
20050112 Linux kernel i386 SMP page fault handler privilege escalation | BUGTRAQ | http://marc.info/?l=bugtraq&m=110554694522719&w=2 |
20050114 [USN-60-0] Linux kernel vulnerabilities | BUGTRAQ | http://marc.info/?l=bugtraq&m=110581146702951&w=2 |
13822 | SECUNIA | http://secunia.com/advisories/13822 |
20163 | SECUNIA | http://secunia.com/advisories/20163 |
20202 | SECUNIA | http://secunia.com/advisories/20202 |
20338 | SECUNIA | http://secunia.com/advisories/20338 |
1012862 | SECTRACK | http://securitytracker.com/id?1012862 |
DSA-1067 | DEBIAN | http://www.debian.org/security/2006/dsa-1067 |
DSA-1069 | DEBIAN | http://www.debian.org/security/2006/dsa-1069 |
DSA-1070 | DEBIAN | http://www.debian.org/security/2006/dsa-1070 |
DSA-1082 | DEBIAN | http://www.debian.org/security/2006/dsa-1082 |
MDKSA-2005:022 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 |
RHSA-2005:016 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-016.html |
RHSA-2005:017 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-017.html |
RHSA-2005:043 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-043.html |
RHSA-2005:092 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-092.html |
12244 | BID | http://www.securityfocus.com/bid/12244 |
2005-0001 | TRUSTIX | http://www.trustix.org/errata/2005/0001/ |
FLSA:2336 | FEDORA | https://bugzilla.fedora.us/show_bug.cgi?id=2336 |
linux-fault-handler-gain-privileges(18849) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/18849 |
oval:org.mitre.oval:def:10322 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10322 |