CVE-2007-2875

2007-06-1122:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2007-2875

integer underflow

cpuset_tasks_read

linux kernel

local users

kernel memory

nvd

5.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.7%

JSON

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.20.13
linux:linux_kernellinux linux kernellt2.6.21.4
debian:debian_linuxdebian debian linuxeq3.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.20.13
linux:linux_kernel	linux linux kernel	lt	2.6.21.4
debian:debian_linux	debian debian linux	eq	3.1
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.10