Back to search
CVE-2004-2536
Published: Oct 25, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
x_refsource_CONFIRM
linux-exitthread-gain-privileges(16106)
vdb-entry
x_refsource_XF
5997
vdb-entry
x_refsource_OSVDB
10302
vdb-entry
x_refsource_BID
20040507 Bug in IO bitmap handling? Probably exploitable (2.6.5)
mailing-list
x_refsource_MLIST
11577
third-party-advisory
x_refsource_SECUNIA
20040507 Re: Bug in IO bitmap handling? Probably exploitable (2.6.5)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now