CVE-2005-1264

critical

Description

Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10264

http://www.vupen.com/english/advisories/2005/0557

http://www.securityfocus.com/bid/13651

http://www.securityfocus.com/archive/1/427980/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2005-420.html

http://marc.info/?l=linux-kernel&m=111630512512222

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10

http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html

Details

Source: Mitre, NVD

Published: 2005-05-17

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical