Published: 12/03/2006 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

sys_mbind in mempolicy.c in Linux kernel 2.6.16 and previous versions does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.11
linux linux kernel 2.6.4
linux linux kernel 2.6.12
linux linux kernel 2.6.14
linux linux kernel 2.6.11.2
linux linux kernel 2.6.5
linux linux kernel 2.6.15.3
linux linux kernel 2.6.11.10
linux linux kernel 2.6.10
linux linux kernel 2.6.13
linux linux kernel 2.6.1
linux linux kernel 2.6.16
linux linux kernel 2.6.7
linux linux kernel 2.6.14.7
linux linux kernel 2.6.3
linux linux kernel
linux linux kernel 2.6.15
linux linux kernel 2.6.13.3
linux linux kernel 2.6.11.8
linux linux kernel 2.6.14.4
linux linux kernel 2.6.14.3
linux linux kernel 2.6.11.6
linux linux kernel 2.6.11.11
linux linux kernel 2.6.9
linux linux kernel 2.6.15.6
linux linux kernel 2.6.15.1
linux linux kernel 2.6.11.5
linux linux kernel 2.6.8
linux linux kernel 2.6.2
linux linux kernel 2.6.6
linux linux kernel 2.6.14.5
linux linux kernel 2.6.13.2
linux linux kernel 2.6.13.5
linux linux kernel 2.6.14.1
linux linux kernel 2.6.12.5
linux linux kernel 2.6.15.7
linux linux kernel 2.6.14.6
linux linux kernel 2.6.12.1
linux linux kernel 2.6.11.9
linux linux kernel 2.6.0
linux linux kernel 2.6.13.4
linux linux kernel 2.6.12.2
linux linux kernel 2.6.15.2
linux linux kernel 2.6.12.4
linux linux kernel 2.6.11.3
linux linux kernel 2.6.12.3
linux linux kernel 2.6.15.4
linux linux kernel 2.6.12.6
linux linux kernel 2.6.11.7
linux linux kernel 2.6.14.2
linux linux kernel 2.6.8.1
linux linux kernel 2.6.11.4
linux linux kernel 2.6.11.12
linux linux kernel 2.6.15.5
linux linux kernel 2.6.11.1
linux linux kernel 2.6.13.1

The sys_mbind() function did not properly verify the validity of the ‘maxnod’ argument A local user could exploit this to trigger a buffer overflow, which caused a kernel crash (CVE-2006-0557) ...

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3359 Franz Filz discovered that some socket calls permit causing inconsistent reference count ...

NVD-CWE-Other http://securitytracker.com/id?1015752 http://www.vupen.com/english/advisories/2006/2554 https://usn.ubuntu.com/281-1/http://www.osvdb.org/23895 http://lkml.org/lkml/2006/2/27/355 http://www.securityfocus.com/bid/16924 https://exchange.xforce.ibmcloud.com/vulnerabilities/25204 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=636f13c174dd7c84a437d3c3e8fa66f03f7fda63 http://www.novell.com/linux/security/advisories/2006-05-31.html http://secunia.com/advisories/19955 http://www.debian.org/security/2006/dsa-1103 http://rhn.redhat.com/errata/RHBA-2007-0304.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=184510 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=636f13c174dd7c84a437d3c3e8fa66f03f7fda63 http://secunia.com/advisories/20398 http://www.mandriva.com/security/advisories?name=MDKSA-2006:059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9674 http://secunia.com/advisories/20914 https://usn.ubuntu.com/281-1/https://nvd.nist.gov

CVE-2006-0557

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect