CVE-2008-2372

Published Jul 2, 2008

Last updated 2 years ago

CVSS info 4.9

Overview

Description: The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13673DF5-09B1-40C8-AC54-A447DE8AB01E"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71295664-89EC-4BB3-9F86-B1DDA20FAC5A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37BE853A-BA6F-4A70-B166-E34441F0B7DE"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85064FDF-4B62-43BF-B36C-F659D739BC22"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEADC505-FF44-4D45-8EA6-B23A1C4564D1"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CE3C807-5C9B-4B71-868B-DF17ECB1514F"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6CADAA2-91D2-40C4-90F3-D7F40A3D4CB0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45B6847C-873B-4BE1-852D-239115E59BA4"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF41209E-D27F-4642-A405-90E822A41897"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97F59FD9-46E5-4F63-80A0-091AD44D1867"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References