Resource management errors in Linux kernel - CVE-2008-1675
Published: May 2, 2008 / Updated: October 11, 2018
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code.
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in the Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.
How to mitigate CVE-2008-1675
Sources
- http://marc.info/?l=linux-kernel&m=120949204519706&w=2
- http://marc.info/?l=linux-kernel&m=120949204619718&w=2
- http://marc.info/?l=linux-kernel&m=120949582428998&w=2
- http://secunia.com/advisories/30017
- http://secunia.com/advisories/30044
- http://secunia.com/advisories/30260
- http://secunia.com/advisories/30515
- http://wiki.rpath.com/Advisories:rPSA-2008-0157
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:109
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
- http://www.securityfocus.com/archive/1/491566/100/0/threaded
- http://www.securityfocus.com/archive/1/491732/100/0/threaded
- http://www.securityfocus.com/bid/29014
- http://www.securitytracker.com/id?1019960
- http://www.vupen.com/english/advisories/2008/1406/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42132
- https://issues.rpath.com/browse/RPL-2501
- https://usn.ubuntu.com/614-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html