The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.17.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
kernel-0:2.6.18-53.1.13.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2008:0129 2008-02-12T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html cve-icon cve-icon
http://marc.info/?l=linux-kernel&m=120263652322197&w=2 cve-icon cve-icon
http://marc.info/?l=linux-kernel&m=120264520431307&w=2 cve-icon cve-icon
http://marc.info/?l=linux-kernel&m=120264773202422&w=2 cve-icon cve-icon
http://marc.info/?l=linux-kernel&m=120266328220808&w=2 cve-icon cve-icon
http://marc.info/?l=linux-kernel&m=120266353621139&w=2 cve-icon cve-icon
http://secunia.com/advisories/28835 cve-icon cve-icon
http://secunia.com/advisories/28858 cve-icon cve-icon
http://secunia.com/advisories/28875 cve-icon cve-icon
http://secunia.com/advisories/28889 cve-icon cve-icon
http://secunia.com/advisories/28896 cve-icon cve-icon
http://secunia.com/advisories/28912 cve-icon cve-icon
http://secunia.com/advisories/28925 cve-icon cve-icon
http://secunia.com/advisories/28933 cve-icon cve-icon
http://secunia.com/advisories/28937 cve-icon cve-icon
http://secunia.com/advisories/29245 cve-icon cve-icon
http://secunia.com/advisories/30818 cve-icon cve-icon
http://securitytracker.com/id?1019393 cve-icon cve-icon
http://wiki.rpath.com/Advisories:rPSA-2008-0052 cve-icon cve-icon
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1494 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:043 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0129.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/488009/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/27704 cve-icon cve-icon
http://www.securityfocus.com/bid/27801 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-577-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/0487/references cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=432229 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=432517 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-2237 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-0600 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-0600 cve-icon
https://www.exploit-db.com/exploits/5092 cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-02-12T20:00:00

Updated: 2024-08-07T07:54:21.972Z

Reserved: 2008-02-05T00:00:00

Link: CVE-2008-0600

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-02-12T21:00:00.000

Modified: 2023-02-13T02:18:44.107

Link: CVE-2008-0600

cve-icon Redhat

Severity : Important

Publid Date: 2008-02-09T00:00:00Z

Links: CVE-2008-0600 - Bugzilla