Vulnerability Description
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.28 |
Related Weaknesses (CWE)
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259
- http://marc.info/?l=linux-netdev&m=122721862313564&w=2
- http://marc.info/?l=linux-netdev&m=122765505415944&w=2
- http://osvdb.org/50272
- http://secunia.com/advisories/32913
- http://secunia.com/advisories/32998
- http://secunia.com/advisories/33083
- http://secunia.com/advisories/33348
- http://secunia.com/advisories/33556
- http://secunia.com/advisories/33706
- http://secunia.com/advisories/33756
- http://secunia.com/advisories/33854
- http://securityreason.com/securityalert/4673
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332
- http://www.debian.org/security/2008/dsa-1681
FAQ
What is CVE-2008-5300?
CVE-2008-5300 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collectio...
How severe is CVE-2008-5300?
CVE-2008-5300 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5300?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.