Improper input validation in Linux kernel - CVE-2004-0812
Published: April 14, 2005 / Updated: October 11, 2017
Vulnerability identifier: #VU94812
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2004-0812
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform service disruption.
Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with 'setting up TSS limits,' allows local users to cause a denial of service (crash) and possibly execute arbitrary code.
How to mitigate CVE-2004-0812
Install update from vendor's repository.
Sources
- http://linux.bkbits.net:8080/linux-2.6/cset@3fad673ber4GuU7iWppydzNIyLntEQ
- http://secunia.com/advisories/13359
- http://www.ciac.org/ciac/bulletins/p-047.shtml
- http://www.redhat.com/support/errata/RHSA-2004-549.html
- http://www.securityfocus.com/bid/11794
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18346
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11375