CVE-2008-3527

2008-11-0515:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-3527

linux kernel

vdso

security

boundary check

privilege escalation

denial of service

6.3 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.18
linux:linux_kernellinux linux kerneleq2.4.36.6
linux:linux_kernellinux linux kerneleq2.4.36.2
linux:linux_kernellinux linux kerneleq2.6.20.16
linux:linux_kernellinux linux kerneleq2.6.19.4
linux:linux_kernellinux linux kerneleq2.4.36.1
linux:linux_kernellinux linux kerneleq2.6.20.17
linux:linux_kernellinux linux kerneleq2.4.36.4
linux:linux_kernellinux linux kerneleq2.6.20.20
linux:linux_kernellinux linux kerneleq2.4.36.3

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.18
linux:linux_kernel	linux linux kernel	eq	2.4.36.6
linux:linux_kernel	linux linux kernel	eq	2.4.36.2
linux:linux_kernel	linux linux kernel	eq	2.6.20.16
linux:linux_kernel	linux linux kernel	eq	2.6.19.4
linux:linux_kernel	linux linux kernel	eq	2.4.36.1
linux:linux_kernel	linux linux kernel	eq	2.6.20.17
linux:linux_kernel	linux linux kernel	eq	2.4.36.4
linux:linux_kernel	linux linux kernel	eq	2.6.20.20
linux:linux_kernel	linux linux kernel	eq	2.4.36.3