#VU94777 Double free in Linux kernel - CVE-2006-5701

Cybersecurity Help s.r.o.

Published: 2006-11-04 | Updated: 2024-07-26

Vulnerability identifier: #VU94777

Vulnerability risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2006-5701

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://projects.info-pull.com/mokb/MOKB-02-11-2006.html
https://secunia.com/advisories/22655
https://secunia.com/advisories/23361
https://secunia.com/advisories/23384
https://secunia.com/advisories/24259
https://www.mandriva.com/security/advisories?name=MDKSA-2007:047
https://www.securityfocus.com/bid/20870
https://www.ubuntu.com/usn/usn-395-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/29967

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Double free in Linux kernel