SB2004010501 - Missing release of memory after effective lifetime in Linux kernel
Published: January 5, 2004
Description
This security bulletin contains information about 1 vulnerability.
1) Missing release of memory after effective lifetime (CVE-ID: CVE-2003-0984)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to read and manipulate data.
Real-time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
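An added example, not taken from this bulletin or from the kernel source: a user-space C model of the pattern described above, where a structure is copied out to the caller without first being initialized, next to the zero-before-fill form. The struct layout, the choice of which fields go unset, the `demo_*` names and the 0xAA stale-memory marker are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel time structure (not the kernel's definition). */
struct demo_rtc_time {
    int tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year;
    int tm_wday, tm_yday, tm_isdst;   /* assumed: never filled by the clock read */
};

#define STALE 0xAA   /* constructed marker for leftover memory contents */

/* Hypothetical clock read: sets only the fields the hardware provides. */
static void demo_read_clock(struct demo_rtc_time *t) {
    t->tm_sec = 30; t->tm_min = 15; t->tm_hour = 12;
    t->tm_mday = 5; t->tm_mon = 0;  t->tm_year = 104;
}

/* Vulnerable pattern: the whole struct is copied out, unset fields included. */
void demo_ioctl_vulnerable(void *user_buf) {
    struct demo_rtc_time t;
    memset(&t, STALE, sizeof t);      /* models stale data already in the slot */
    demo_read_clock(&t);
    memcpy(user_buf, &t, sizeof t);   /* stands in for copy_to_user() */
}

/* Hardened pattern: zero the struct before filling it. */
void demo_ioctl_hardened(void *user_buf) {
    struct demo_rtc_time t;
    memset(&t, STALE, sizeof t);      /* same stale slot as above */
    memset(&t, 0, sizeof t);          /* the fix: initialize every byte */
    demo_read_clock(&t);
    memcpy(user_buf, &t, sizeof t);
}

/* Counts bytes in the caller-visible copy that still carry the stale marker. */
size_t demo_leaked_bytes(const void *user_buf) {
    const unsigned char *p = user_buf;
    size_t i, n = 0;
    for (i = 0; i < sizeof(struct demo_rtc_time); i++)
        if (p[i] == STALE) n++;
    return n;
}

int main(void) {
    unsigned char buf[sizeof(struct demo_rtc_time)];
    demo_ioctl_vulnerable(buf);
    printf("vulnerable: %zu stale bytes exposed\n", demo_leaked_bytes(buf));
    demo_ioctl_hardened(buf);
    printf("hardened:   %zu stale bytes exposed\n", demo_leaked_bytes(buf));
    return 0;
}
```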
Remediation
Install the update from the vendor's website.
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
- http://marc.info/?l=bugtraq&m=107394143105081&w=2
- http://secunia.com/advisories/10533
- http://secunia.com/advisories/10536
- http://secunia.com/advisories/10537
- http://secunia.com/advisories/10538
- http://secunia.com/advisories/10555
- http://secunia.com/advisories/10582
- http://secunia.com/advisories/10583
- http://secunia.com/advisories/20162
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:001
- http://www.novell.com/linux/security/advisories/2003_049_kernel.html
- http://www.osvdb.org/3317
- http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2003-417.html
- http://www.redhat.com/support/errata/RHSA-2004-188.html
- http://www.securityfocus.com/bid/9154
- http://www.securitytracker.com/id?1008594
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13943
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A859
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406