CVE-2008-3527

arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32485	Vendor Advisory
http://secunia.com/advisories/32759	Vendor Advisory
http://secunia.com/advisories/33180	Vendor Advisory
http://www.debian.org/security/2008/dsa-1687
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://www.securitytracker.com/id?1021137
https://bugzilla.redhat.com/show_bug.cgi?id=460251
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32485	Vendor Advisory
http://secunia.com/advisories/32759	Vendor Advisory
http://secunia.com/advisories/33180	Vendor Advisory
http://www.debian.org/security/2008/dsa-1687
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://www.securitytracker.com/id?1021137
https://bugzilla.redhat.com/show_bug.cgi?id=460251
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.2.27:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc7::::::
	cpe:2.3:o:linux:linux_kernel:2.6.19.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.19:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.20:::::::*

History

21 Nov 2024, 00:49

Type	Values Removed	Values Added
References	~~() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7 -~~	() http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7 -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html -
References	~~() http://secunia.com/advisories/32485 - Vendor Advisory~~	() http://secunia.com/advisories/32485 - Vendor Advisory
References	~~() http://secunia.com/advisories/32759 - Vendor Advisory~~	() http://secunia.com/advisories/32759 - Vendor Advisory
References	~~() http://secunia.com/advisories/33180 - Vendor Advisory~~	() http://secunia.com/advisories/33180 - Vendor Advisory
References	~~() http://www.debian.org/security/2008/dsa-1687 -~~	() http://www.debian.org/security/2008/dsa-1687 -
References	~~() http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21 -~~	() http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21 -
References	~~() http://www.redhat.com/support/errata/RHSA-2008-0957.html -~~	() http://www.redhat.com/support/errata/RHSA-2008-0957.html -
References	~~() http://www.securitytracker.com/id?1021137 -~~	() http://www.securitytracker.com/id?1021137 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=460251 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=460251 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602 -

Information

Published : 2008-11-05 15:00

Updated : 2025-04-09 00:30

NVD link : CVE-2008-3527

Mitre link : CVE-2008-3527

CVE.ORG link : CVE-2008-3527

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-3527", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-11-05T15:00:14.147", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32485", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32759", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/33180", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2008/dsa-1687", "source": "secalert@redhat.com"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1021137", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460251", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602", "source": "secalert@redhat.com"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32485", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32759", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33180", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2008/dsa-1687", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021137", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460251", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions."}, {"lang": "es", "value": "arch/i386/kernel/sysenter.c en la implementaci\u00f3n Virtual Dynamic Shared Objects (vDSO) para el kernel de Linux anterior a v2.6.21, no comprueba de forma adecuada los l\u00edmites; esto permite a usuarios locales ganar privilegios o provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados. Est\u00e1 relacionado con las funciones install_special_mapping, syscall y syscall32_nopage."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "455AF113-2E2D-46F2-8F92-C21E06E5B39F", "versionEndIncluding": "2.6.20.21"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43F9DBB0-8AF7-42CA-95DD-68A344E9D549"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA39D4CE-22F0-46A2-B8CF-4599675E7D3A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDD00664-A27C-4514-A2A4-079E8F9B0251"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E336C792-B7A1-4318-8050-DE9F03474CEF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7228AE50-BACB-4AB8-9CE5-17DB0CD661AF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D260FD-E55E-4A95-AB7F-B880DBE37BAD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E36D0159-1A05-4628-9C1C-360DED0F438C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E6654B9-42EB-4C2C-8F71-710D50556180"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1817C772-D367-4ABE-B835-466D31A6DC89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C667B8E4-64EB-4A05-84FF-B2243DEF757D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9484B41A-DFB6-4481-80D8-440C711CEA53"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D373AF-DE6B-428E-9F0F-F1D220900A4D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2975DF7-F916-456C-BF7C-2694559E5282"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "784EB96E-2FD3-4F77-8DB6-4D6C7A928946"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "469EE3B0-3CC2-4AC2-86A0-2DF34205E707"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EC547EB-9308-4477-8256-A0E04B42D6DA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F55A024-9F8E-44F8-A0D8-696BC232524A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84595143-3B04-4CE8-81C0-28EEEC58CD0E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EE2B49-DDEB-4B49-A5F0-CAA161095A5F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3ABFA33-8FA1-488E-A9BD-1593F495F595"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62F6DE3A-E6CC-4D7E-BD08-E43DC4182200"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.\n\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html", "lastModified": "2009-01-15T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}

4.6 /10