#VU99921 Resource management errors in Linux kernel - CVE-2005-3105
Published: September 30, 2005 / Updated: August 13, 2018
Vulnerability identifier: #VU99921
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2005-3105
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform service disruption.
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.
Remediation
Install update from vendor's repository.
External links
- http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
- http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
- http://secunia.com/advisories/18056
- http://www.debian.org/security/2005/dsa-922
- http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
- http://www.redhat.com/support/errata/RHSA-2005-514.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11283