Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: August 18, 2009
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
Weakness Type (CWE)
Improper Privilege ManagementCWE-269
Upgrade to version v2.6.31-rc6
|Attack Vector (AV):||LOCAL|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||NONE|
|Access Vector (AV):||LOCAL|
|Access Complexity (AC):||MEDIUM|