Vulnerability CVE-2008-0009: Information

Description

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

Severity: LOW (2.1)

References to Advisories, Solutions, and Tools

1. Affected configurations:

   1. Configuration 1

      cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*

      ---