CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.0004 Low (percentile 10.9%)

The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux
kernel versions 2.4.23 and previous which may allow a local attacker to
gain root privileges. No exploit is currently available; however, it is
believed that this issue is exploitable (although not trivially). The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0985 to this issue.

All users of Red Hat Enterprise Linux 3 are advised to upgrade to these
errata packages, which contain a backported security patch that corrects
this issue.

Red Hat would like to thank Paul Starzetz from ISEC for disclosing this
issue as well as Andrea Arcangeli and Solar Designer for working on the patch.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | kernel-unsupported | < 2.4.21-4.0.2.EL | kernel-unsupported-2.4.21-4.0.2.EL.ia64.rpm |
RedHat | any | ia64 | kernel-doc | < 2.4.21-4.0.2.EL | kernel-doc-2.4.21-4.0.2.EL.ia64.rpm |
RedHat | any | ia64 | kernel | < 2.4.21-4.0.2.EL | kernel-2.4.21-4.0.2.EL.ia64.rpm |
RedHat | any | ia64 | kernel-source | < 2.4.21-4.0.2.EL | kernel-source-2.4.21-4.0.2.EL.ia64.rpm |