CVE-2008-2137
Vulnerability Summary
Timeline
Description
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.4AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.10%• Percentile: 27%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- debian•debian_linux
4.0
- linux•linux_kernel
2.6.0 | 2.6.1 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.7 | 2.6.8 | 2.6.9 | 2.6.10 | 2.6.11 | 2.6.11.4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11.11 | 2.6.11.12 | 2.6.12 | 2.6.12.1 | 2.6.12.2 | 2.6.12.3 | 2.6.12.4 | 2.6.12.5 | 2.6.12.6 | 2.6.12.12 | 2.6.12.22 | 2.6.13 | 2.6.13.1 | 2.6.13.2 | 2.6.13.3 | 2.6.13.4 | 2.6.14 | 2.6.14.1 | 2.6.14.2 | 2.6.14.3 | 2.6.14.4 | 2.6.14.5 | 2.6.15 | 2.6.15.1 | 2.6.15.2 | 2.6.15.3 | 2.6.15.4 | 2.6.15.5 | 2.6.15.11 | 2.6.16 | 2.6.16.13 | 2.6.16.27 | 2.6.17 | 2.6.17.1 | 2.6.17.2 | 2.6.17.3 | 2.6.17.5 | 2.6.17.6 | 2.6.17.7 | 2.6.17.8 | 2.6.17.10 | 2.6.17.11 | 2.6.17.12 | 2.6.17.13 | 2.6.17.14 | 2.6.18 | 2.6.18.1 | 2.6.18.3 | 2.6.18.4 | 2.6.19 | 2.6.19.1 | 2.6.19.2 | 2.6.20 | 2.6.20.1 | 2.6.20.2 | 2.6.20.3 | 2.6.20.4 | 2.6.20.5 | 2.6.20.8 | 2.6.20.9 | 2.6.20.11 | 2.6.20.13 | 2.6.20.15 | 2.6.21 | 2.6.21.1 | 2.6.21.2 | 2.6.21.4 | 2.6.21.6 | 2.6.21.7 | 2.6.22 | 2.6.22.3 | 2.6.22.4 | 2.6.22.5 | 2.6.22.6 | 2.6.22.7 | 2.6.22.8 | 2.6.22.11 | 2.6.22.12 | 2.6.22.13 | 2.6.22.14 | 2.6.22.15 | 2.6.22.16 | 2.6.22.17 | 2.6.23 | 2.6.23.1 | 2.6.23.2 | 2.6.23.3 | 2.6.23.4 | 2.6.23.5 | 2.6.23.6 | 2.6.23.7 | 2.6.23.9 | 2.6.23.14 | 2.6.24.1 | 2.6.24.2 | 2.6.25 | 2.6.25.1 | 2.6.25.2
References (12)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42681
- http://secunia.com/advisories/30368
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
- http://www.vupen.com/english/advisories/2008/1716/references
- http://www.securitytracker.com/id?1020119
- http://secunia.com/advisories/30499
- http://www.debian.org/security/2008/dsa-1588
- http://www.securityfocus.com/bid/29397
- http://secunia.com/advisories/31107
- http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604
- http://www.ubuntu.com/usn/usn-625-1