CVE-2007-0997 - OpenCVE

Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel:2.6.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.17:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.17:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.17:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.17:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.17:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.17:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.17.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.17.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.17.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.17.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.17.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.17.6:::::::*

No data.

References

Link	Providers
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18
http://lkml.org/lkml/2006/7/17/140

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-09-18T19:00:00Z

Updated: 2024-09-17T02:36:04.290Z

Reserved: 2007-02-16T00:00:00Z

Link: CVE-2007-0997

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-09-18T19:17:00.000

Modified: 2008-09-05T21:19:22.830

Link: CVE-2007-0997

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-09-18T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[linux-kernel] 20060717 [patch 25/45] splice: fix problems with sys_tee()", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.org/lkml/2006/7/17/140"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-0997", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[linux-kernel] 20060717 [patch 25/45] splice: fix problems with sys_tee()", "refsource": "MLIST", "url": "http://lkml.org/lkml/2006/7/17/140"}, {"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18", "refsource": "CONFIRM", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:43:21.256Z"}, "title": "CVE Program Container", "references": [{"name": "[linux-kernel] 20060717 [patch 25/45] splice: fix problems with sys_tee()", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.org/lkml/2006/7/17/140"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-0997", "datePublished": "2007-09-18T19:00:00Z", "dateReserved": "2007-02-16T00:00:00Z", "dateUpdated": "2024-09-17T02:36:04.290Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "980A6C7D-6175-4A44-8377-74AA7A9FD108", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "5C226902-04D9-4F32-866C-20225841ECF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "C6EDD210-6E7B-4BD8-96C2-2C22FEE7DE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*", "matchCriteriaId": "655DB612-AF49-4C17-AFB9-2E33EE8E0572", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*", "matchCriteriaId": "7EE30F34-EE81-4E1E-BF9F-A7A36B78B897", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*", "matchCriteriaId": "E1F65DF2-2794-47B7-9676-CCF150683CC6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "DEB3068F-2F64-4BBC-BA3C-FB56A2FBED50", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "6555D45B-D3B3-4455-AB1E-E513F9FB6139", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "4FA5E262-7825-496F-AA72-0AD6DE6F3C78", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "56C6C01B-4CED-4F37-A415-0603496C27DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E62F6FA-6C96-4AEE-8547-8C2FE1FAD998", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.6:*:*:*:*:*:*:*", "matchCriteriaId": "FE3ACE7A-A600-4ABB-B988-5D59D626DC0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers."}, {"lang": "es", "value": "Condici\u00f3n de carrera en el sistema de llamada tee (sys_tee) en el Linux kernel 2.6.17 hasta la 2.6.17.6 podr\u00eda permitir a usuarios locales provocar denegaci\u00f3n de servicio (caida de sistema), obteniendo informaci\u00f3n sensible (contenidos de la memoria del kernel), o ganar privilegios a trav\u00e9s de vectores no especificados relacionado con una ipie potencialmente disiminuida cerrada durante una carrera entre dos lecturas de pipe."}], "id": "CVE-2007-0997", "lastModified": "2008-09-05T21:19:22.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-18T19:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.18"}, {"source": "secalert@redhat.com", "url": "http://lkml.org/lkml/2006/7/17/140"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}