Resource management errors in Linux kernel - CVE-2005-3105
Published: September 30, 2005 / Updated: August 13, 2018
Vulnerability identifier: #VU99921
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2005-3105
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform service disruption.
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.
How to mitigate CVE-2005-3105
Install update from vendor's repository.
Sources
- http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
- http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
- http://secunia.com/advisories/18056
- http://www.debian.org/security/2005/dsa-922
- http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
- http://www.redhat.com/support/errata/RHSA-2005-514.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11283