#VU92691 Resource management errors in Linux kernel - CVE-2008-5033

Cybersecurity Help s.r.o.

Published: 2008-11-10 | Updated: 2017-08-08

Vulnerability identifier: #VU92691

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2008-5033

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management errors error within the chip_command() function in drivers/media/video/tvaudio.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1
https://secunia.com/advisories/32918
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.19
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.7
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.3
https://www.mandriva.com/security/advisories?name=MDVSA-2008:246
https://www.securityfocus.com/bid/32094
https://www.ubuntu.com/usn/usn-679-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/46544

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource management errors in Linux kernel media video driver