- Description
- The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4.7
- Impact score
- 6.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:N/I:N/A:C
- nvd@nist.gov
- CWE-399
- Hype score
- Not currently trending
- Red HatThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0451.html .
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71295664-89EC-4BB3-9F86-B1DDA20FAC5A"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26BD805F-08EB-42EC-BC54-26A7278E5089"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "217715A5-E69D-45C0-B8E4-5681528C651B"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A87AD66C-4321-4459-8556-3B0BA38C493A"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87A347E0-9C0B-4674-9363-3C36DA27AC45"
}
],
"operator": "OR"
}
]
}
]