The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2006-04-05T17:00:00
Updated: 2024-08-07T16:56:15.547Z
Reserved: 2006-03-07T00:00:00
Link: CVE-2006-1055
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-04-05T17:04:00.000
Modified: 2024-11-21T00:07:58.380
Link: CVE-2006-1055
Redhat
No data.