A vulnerability classified as problematic was found in Linux Kernel 2.4.22 (Operating System). This vulnerability affects an unknown function of the component O_DIRECT Handler. The manipulation with an unknown input leads to a privileges management vulnerability. The CWE definition for the vulnerability is CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. As an impact it is known to affect confidentiality, and integrity. CVE summarizes:

Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.

The weakness was published 12/31/2003 (Website). The advisory is available at linux.bkbits.net. This vulnerability was named CVE-2003-0956 since 11/26/2003. The exploitation appears to be difficult. Local access is required to approach this attack. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

Upgrading to version 2.4.22 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (42942). Similar entries are available at 21072 and 21071.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 2.4.22

License

• open-source

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion