Published: 04/08/2005 Updated: 09/02/2024

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.0
debian debian linux 3.1

David Howells discovered a local Denial of Service vulnerability in the key session joining function Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever This only affects Ubuntu 504 (Hoary Hedgehog) (CAN-2005-2098) ...

Synopsis Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2 Type/Severity Security Advisory: Important Topic Updated kernel packages are now available as part of ongoing supportand maintenance of Red Hat Enterprise Linux version 4 This is thesecond regular updateThis update has bee ...

Synopsis Updated kernel packages available for Red Hat Enterprise Linux 3 Update 6 Type/Severity Security Advisory: Important Topic Updated kernel packages are now available as part of ongoing support andmaintenance of Red Hat Enterprise Linux version 3 This is the sixthregular updateThis security adviso ...

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0756 Alexander Nyberg discovered that the ptrace() system call does not properly verify addre ...

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-2302 A race condition in the sysfs filesystem allows local users to read kernel memory and ca ...

CWE-667 http://www.securityfocus.com/bid/14477 http://secunia.com/advisories/16298 http://secunia.com/advisories/16500 http://www.novell.com/linux/security/advisories/2005_50_kernel.html http://www.debian.org/security/2005/dsa-922 http://www.debian.org/security/2005/dsa-921 http://secunia.com/advisories/18056 http://secunia.com/advisories/18059 http://www.redhat.com/support/errata/RHSA-2005-514.html http://www.redhat.com/support/errata/RHSA-2005-663.html http://secunia.com/advisories/17073 http://secunia.com/advisories/17826 http://secunia.com/advisories/17002 http://www.vupen.com/english/advisories/2005/1878 http://www.mandriva.com/security/advisories?name=MDKSA-2005:220 http://www.mandriva.com/security/advisories?name=MDKSA-2005:219 https://exchange.xforce.ibmcloud.com/vulnerabilities/21710 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10858 https://usn.ubuntu.com/169-1/http://www.securityfocus.com/archive/1/427980/100/0/threaded http://www.mail-archive.com/netdev%40vger.kernel.org/msg00520.html http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba%3Bhp=ecade4893a139cc35d4fe345ce70242ede5358c4%3Bhb=a4f1bac62564049ea4718c4624b0fadc9f597c84%3Bf=net/xfrm/xfrm_user.c http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a4f1bac62564049ea4718c4624b0fadc9f597c84 https://usn.ubuntu.com/169-1/https://nvd.nist.gov

CVE-2005-2456

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect