Main Vulnerability Database SB2007022401

SB2007022401 - Memory corruption in Linux kernel

Published: February 24, 2007 Updated: November 5, 2024

Security Bulletin ID SB2007022401

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory corruption (CVE-ID: CVE-2006-7051)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.

Remediation

Install update from vendor's website.

References

http://securityreason.com/securityalert/2287
http://www.securityfocus.com/archive/1/430278/30/5790/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25712
https://www.exploit-db.com/exploits/1657