CVE-2004-2536

Published: 10/25/2005 Last updated: 8/8/2024 Reserved: 10/25/2005

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
n/a	n/a	QCA6595AU

References (14)

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
https://exchange.xforce.ibmcloud.com/vulnerabilities/16106
http://www.osvdb.org/5997
http://www.securityfocus.com/bid/10302
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html
http://secunia.com/advisories/11577
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
https://exchange.xforce.ibmcloud.com/vulnerabilities/16106
http://www.osvdb.org/5997
http://www.securityfocus.com/bid/10302
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html
http://secunia.com/advisories/11577
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html