Vulnerability Description
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.2.7 |
| Redhat | Enterprise Linux | 3.0 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Trustix | Secure Linux | 2 |
References
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
- http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
- http://marc.info/?l=bugtraq&m=110554694522719&w=2
- http://marc.info/?l=bugtraq&m=110581146702951&w=2
- http://secunia.com/advisories/13822
- http://secunia.com/advisories/20163
- http://secunia.com/advisories/20202
- http://secunia.com/advisories/20338
- http://securitytracker.com/id?1012862
- http://www.debian.org/security/2006/dsa-1067
- http://www.debian.org/security/2006/dsa-1069
- http://www.debian.org/security/2006/dsa-1070
- http://www.debian.org/security/2006/dsa-1082
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
FAQ
What is CVE-2005-0001?
CVE-2005-0001 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary c...
How severe is CVE-2005-0001?
CVE-2005-0001 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0001?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Trustix Secure Linux.