CVE-2007-6417

{"id": "CVE-2007-6417", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-18T00:46:00.000", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=linux-kernel&m=119627664702379&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=linux-kernel&m=119743651829347&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=linux-kernel&m=119769771026243&w=2", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/44120", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28141", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28706", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28806", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28971", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32023", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1436", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27694", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-574-1", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-578-1", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=linux-kernel&m=119627664702379&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=linux-kernel&m=119743651829347&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=linux-kernel&m=119769771026243&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/44120", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/28141", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/28706", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/28806", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/28971", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32023", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1436", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:086", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:112", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0885.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27694", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-574-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-578-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8920", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash)."}, {"lang": "es", "value": "La funci\u00f3n shmem_getpage (mm/shmem.c) en el kernel de Linux versi\u00f3n 2.6.11 hasta 2.6.23 no borra de manera apropiada la memoria asignada en algunas circunstancias extra\u00f1as relacionadas con tmpfs, lo que podr\u00eda permitir a los usuarios locales leer datos confidenciales del kernel o causar una denegaci\u00f3n de servicio (bloqueo)."}], "lastModified": "2024-11-21T00:40:06.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D90502F-EC45-4ADC-9428-B94346DA660B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F43EBCB4-FCF4-479A-A44D-D913F7F09C77"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6143DC1F-D62E-4DB2-AF43-30A07413D68B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5220F0FE-C4CC-4E75-A16A-4ADCABA7E8B8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7344B707-6145-48BA-8BC9-9B140A260BCF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "179147E4-5247-451D-9409-545D661BC158"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6940324-0383-4510-BA55-770E0A6B80B7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50B422D1-6C6E-4359-A169-3EED78A1CF40"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.\n\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0885.html", "lastModified": "2009-01-15T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}