The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-04-05T17:00:00

Updated: 2024-08-07T16:56:15.547Z

Reserved: 2006-03-07T00:00:00

Link: CVE-2006-1055

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-04-05T17:04:00.000

Modified: 2024-11-21T00:07:58.380

Link: CVE-2006-1055

cve-icon Redhat

No data.