4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
29.9%
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4,
2.6.25, and possibly earlier versions, when the UTF-8 console is used,
allows physically proximate attackers to cause a denial of service (memory
corruption) by selecting a small number of 3-byte UTF-8 characters, which
triggers an “off-by-two memory error.” NOTE: it is not clear whether this
issue crosses privilege boundaries.