{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2008:0885", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html"}, {"name": "[linux-kernel] 20071212 Re: [PATCH] tmpfs: restore missing clear_highpage", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-kernel&m=119743651829347&w=2"}, {"name": "[linux-kernel] 20071128 [PATCH] tmpfs: restore missing clear_highpage", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-kernel&m=119627664702379&w=2"}, {"name": "28806", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28806"}, {"name": "[linux-kernel] 20071215 Re: [PATCH] tmpfs: restore missing clear_highpage", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-kernel&m=119769771026243&w=2"}, {"name": "DSA-1436", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1436"}, {"name": "28141", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28141"}, {"name": "oval:org.mitre.oval:def:8920", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920"}, {"name": "28706", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28706"}, {"name": "MDVSA-2008:112", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"}, {"name": "27694", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27694"}, {"name": "MDVSA-2008:086", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"}, {"name": "32023", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32023"}, {"name": "SUSE-SA:2008:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"}, {"name": "USN-574-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-574-1"}, {"name": "28971", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28971"}, {"name": "USN-578-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-578-1"}, {"name": "44120", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/44120"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6417", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2008:0885", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html"}, {"name": "[linux-kernel] 20071212 Re: [PATCH] tmpfs: restore missing clear_highpage", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel&m=119743651829347&w=2"}, {"name": "[linux-kernel] 20071128 [PATCH] tmpfs: restore missing clear_highpage", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel&m=119627664702379&w=2"}, {"name": "28806", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28806"}, {"name": "[linux-kernel] 20071215 Re: [PATCH] tmpfs: restore missing clear_highpage", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel&m=119769771026243&w=2"}, {"name": "DSA-1436", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1436"}, {"name": "28141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28141"}, {"name": "oval:org.mitre.oval:def:8920", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920"}, {"name": "28706", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28706"}, {"name": "MDVSA-2008:112", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"}, {"name": "27694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27694"}, {"name": "MDVSA-2008:086", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"}, {"name": "32023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32023"}, {"name": "SUSE-SA:2008:006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"}, {"name": "USN-574-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-574-1"}, {"name": "28971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28971"}, {"name": "USN-578-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-578-1"}, {"name": "44120", "refsource": "OSVDB", "url": "http://osvdb.org/44120"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.846Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2008:0885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html"}, {"name": "[linux-kernel] 20071212 Re: [PATCH] tmpfs: restore missing clear_highpage", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-kernel&m=119743651829347&w=2"}, {"name": "[linux-kernel] 20071128 [PATCH] tmpfs: restore missing clear_highpage", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-kernel&m=119627664702379&w=2"}, {"name": "28806", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28806"}, {"name": "[linux-kernel] 20071215 Re: [PATCH] tmpfs: restore missing clear_highpage", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-kernel&m=119769771026243&w=2"}, {"name": "DSA-1436", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1436"}, {"name": "28141", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28141"}, {"name": "oval:org.mitre.oval:def:8920", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920"}, {"name": "28706", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28706"}, {"name": "MDVSA-2008:112", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"}, {"name": "27694", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27694"}, {"name": "MDVSA-2008:086", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"}, {"name": "32023", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32023"}, {"name": "SUSE-SA:2008:006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"}, {"name": "USN-574-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-574-1"}, {"name": "28971", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28971"}, {"name": "USN-578-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-578-1"}, {"name": "44120", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/44120"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6417", "datePublished": "2007-12-18T00:00:00", "dateReserved": "2007-12-17T00:00:00", "dateUpdated": "2024-08-07T16:02:36.846Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "9D90502F-EC45-4ADC-9428-B94346DA660B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F43EBCB4-FCF4-479A-A44D-D913F7F09C77", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "6143DC1F-D62E-4DB2-AF43-30A07413D68B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "5220F0FE-C4CC-4E75-A16A-4ADCABA7E8B8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "7344B707-6145-48BA-8BC9-9B140A260BCF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "179147E4-5247-451D-9409-545D661BC158", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "C6940324-0383-4510-BA55-770E0A6B80B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "50B422D1-6C6E-4359-A169-3EED78A1CF40", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash)."}, {"lang": "es", "value": "La funci\u00f3n shmem_getpage (mm/shmem.c) en el kernel de Linux versi\u00f3n 2.6.11 hasta 2.6.23 no borra de manera apropiada la memoria asignada en algunas circunstancias extra\u00f1as relacionadas con tmpfs, lo que podr\u00eda permitir a los usuarios locales leer datos confidenciales del kernel o causar una denegaci\u00f3n de servicio (bloqueo)."}], "id": "CVE-2007-6417", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-18T00:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=linux-kernel&m=119627664702379&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=linux-kernel&m=119743651829347&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=linux-kernel&m=119769771026243&w=2"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/44120"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28141"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28706"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28806"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28971"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32023"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1436"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27694"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-574-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-578-1"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=linux-kernel&m=119627664702379&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=linux-kernel&m=119743651829347&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=linux-kernel&m=119769771026243&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/44120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28706"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28806"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1436"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-574-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-578-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.\n\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0885.html", "lastModified": "2009-01-15T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0885", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-92.1.13.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-09-24T00:00:00Z"}], "bugzilla": {"description": "tmpfs: restore missing clear_highpage (kernels from 2.6.11 up)", "id": "426081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=426081"}, "csaw": false, "details": ["The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash)."], "name": "CVE-2007-6417", "public_date": "2007-11-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-6417\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-6417"], "statement": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.", "threat_severity": "Moderate"}

{}