#VU99943 Missing release of memory after effective lifetime in Linux kernel - CVE-2004-0415
Published: November 23, 2004 / Updated: November 6, 2024
Vulnerability identifier: #VU99943
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2004-0415
CWE-ID: CWE-401
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
Remediation
Install update from vendor's repository.
External links
- ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000879
- http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:087
- http://www.redhat.com/support/errata/RHSA-2004-413.html
- http://www.redhat.com/support/errata/RHSA-2004-418.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16877
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9965