CVE-2004-0535

high

Description

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11136

https://exchange.xforce.ibmcloud.com/vulnerabilities/16159

http://www.securityfocus.com/bid/10352

http://www.redhat.com/support/errata/RHSA-2004-418.html

http://www.redhat.com/support/errata/RHSA-2004-413.html

http://www.novell.com/linux/security/advisories/2004_20_kernel.html

http://www.mandriva.com/security/advisories?name=MDKSA-2004:062

http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log

http://security.gentoo.org/glsa/glsa-200407-02.xml

http://lwn.net/Articles/91155/

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168

Details

Source: Mitre, NVD

Published: 2004-08-06

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High