Memory corruption in Linux kernel - CVE-2004-0535
Published: August 6, 2004 / Updated: October 11, 2017
Vulnerability identifier: #VU99792
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2004-0535
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a 'buffer overflow' by some sources.
How to mitigate CVE-2004-0535
Install update from vendor's repository.
Sources
- ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845
- http://lwn.net/Articles/91155/
- http://security.gentoo.org/glsa/glsa-200407-02.xml
- http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:062
- http://www.novell.com/linux/security/advisories/2004_20_kernel.html
- http://www.redhat.com/support/errata/RHSA-2004-413.html
- http://www.redhat.com/support/errata/RHSA-2004-418.html
- http://www.securityfocus.com/bid/10352
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16159
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11136