CVE-2008-3535

2008-08-0819:41:00

CWE-193

[email protected]

web.nvd.nist.gov

cve-2008-3535

linux kernel

off-by-one error

iov_iter_advance

denial of service

system crash

nvd

file i/o operations

4.9 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.27
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.27
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06