AI Score: 5.2 Medium (Confidence: High)
CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.001 Low (Percentile: 41.7%)
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
marc.info/?l=linux-kernel&m=111630512512222
www.redhat.com/support/errata/RHSA-2005-420.html
www.securityfocus.com/archive/1/427980/100/0/threaded
www.securityfocus.com/bid/13651
www.vupen.com/english/advisories/2005/0557
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10264