The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions prior to 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel 2.6.12 |
||
linux linux kernel 2.6.14 |
||
linux linux kernel 2.6.15.3 |
||
linux linux kernel 2.6.16 |
||
linux linux kernel 2.6.13 |
||
linux linux kernel 2.6.15 |
||
linux linux kernel 2.6.13.3 |
||
linux linux kernel 2.6.14.4 |
||
linux linux kernel 2.6.14.3 |
||
linux linux kernel 2.6.15.1 |
||
linux linux kernel 2.6.14.5 |
||
linux linux kernel 2.6.13.2 |
||
linux linux kernel 2.6.17 |
||
linux linux kernel 2.6.14.1 |
||
linux linux kernel 2.6.12.5 |
||
linux linux kernel 2.6.12.1 |
||
linux linux kernel 2.6.13.4 |
||
linux linux kernel 2.6.12.2 |
||
linux linux kernel 2.6.15.2 |
||
linux linux kernel 2.6.12.4 |
||
linux linux kernel 2.6.12.3 |
||
linux linux kernel 2.6.15.4 |
||
linux linux kernel 2.6.12.6 |
||
linux linux kernel 2.6.14.2 |
||
linux linux kernel 2.6.15.5 |
||
linux linux kernel 2.6.13.1 |