Vulnerability Description
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.0 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.htmlExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- http://marc.info/?l=linux-kernel&m=111630512512222
- http://www.redhat.com/support/errata/RHSA-2005-420.html
- http://www.securityfocus.com/archive/1/427980/100/0/threaded
- http://www.securityfocus.com/bid/13651
- http://www.vupen.com/english/advisories/2005/0557
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.htmlExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- http://marc.info/?l=linux-kernel&m=111630512512222
- http://www.redhat.com/support/errata/RHSA-2005-420.html
- http://www.securityfocus.com/archive/1/427980/100/0/threaded
FAQ
What is CVE-2005-1264?
CVE-2005-1264 is a vulnerability with a CVSS score of 7.2 (HIGH). Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible...
How severe is CVE-2005-1264?
CVE-2005-1264 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1264?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.