CVE-2005-1264

2005-05-1704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

linux kernel

security boundaries

ioctl

vulnerability

5.2 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

41.7%

JSON

Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.5
linux:linux_kernellinux linux kerneleq2.6.1
linux:linux_kernellinux linux kerneleq2.6.0
linux:linux_kernellinux linux kerneleq2.6.3
linux:linux_kernellinux linux kerneleq2.6.4
linux:linux_kernellinux linux kerneleq2.6_test9_cvs
linux:linux_kernellinux linux kerneleq2.6.7
linux:linux_kernellinux linux kerneleq2.6.2
linux:linux_kernellinux linux kerneleq2.6.8
linux:linux_kernellinux linux kerneleq2.6.6

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.5
linux:linux_kernel	linux linux kernel	eq	2.6.1
linux:linux_kernel	linux linux kernel	eq	2.6.0
linux:linux_kernel	linux linux kernel	eq	2.6.3
linux:linux_kernel	linux linux kernel	eq	2.6.4
linux:linux_kernel	linux linux kernel	eq	2.6_test9_cvs
linux:linux_kernel	linux linux kernel	eq	2.6.7
linux:linux_kernel	linux linux kernel	eq	2.6.2
linux:linux_kernel	linux linux kernel	eq	2.6.8
linux:linux_kernel	linux linux kernel	eq	2.6.6