CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
10.1%
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap
operations that target page zero and other low memory addresses, which
allows local users to gain privileges by exploiting NULL pointer
dereference vulnerabilities, related to (1) the default configuration of
the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise
Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be
ignored in the unconfined_t domain, (3) lack of a requirement for the
CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction
between the mmap_min_addr protection mechanism and certain application
programs.