CVE-2008-1675

high

Description

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.

References

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html

https://usn.ubuntu.com/614-1/

https://issues.rpath.com/browse/RPL-2501

https://exchange.xforce.ibmcloud.com/vulnerabilities/42132

http://www.vupen.com/english/advisories/2008/1406/references

http://www.securitytracker.com/id?1019960

http://www.securityfocus.com/bid/29014

http://www.securityfocus.com/archive/1/491732/100/0/threaded

http://www.securityfocus.com/archive/1/491566/100/0/threaded

http://www.mandriva.com/security/advisories?name=MDVSA-2008:167

http://www.mandriva.com/security/advisories?name=MDVSA-2008:109

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157

http://wiki.rpath.com/Advisories:rPSA-2008-0157

http://secunia.com/advisories/30515

http://secunia.com/advisories/30260

http://secunia.com/advisories/30044

http://secunia.com/advisories/30017

Details

Source: Mitre, NVD

Published: 2008-05-02

Updated: 2018-10-11

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High