SB2005050212 - Improper input validation in Linux kernel
Published: May 2, 2005
Security Bulletin ID
SB2005050212
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2005-1368)
The vulnerability allows a local user to perform service disruption.
The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP.
Remediation
Install update from vendor's website.