CVE-2006-5158

Published Oct 5, 2006

Last updated 3 months ago

CVSS high 7.5

Overview

Description: The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-667

Hype score: Not currently trending

Vendor comments

Red HatRed Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210128 This issue does not affect Red Hat Enterprise Linux 2.1 or 3.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E917BCE-CB50-4C5A-AF43-D0C9ACDE2D46",
            "versionEndExcluding": "2.6.16"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "951339CF-0922-4391-8C0C-9729E8137B91"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References