Vulnerabilities > CVE-2004-2536 - Local IO Access Inheritance vulnerability in Linux Kernel

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

linux

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 2.6.0 Linux Linux Kernel 2.6.1 Linux Linux Kernel 2.6.2 Linux Linux Kernel 2.6.3 Linux Linux Kernel 2.6.4 Linux Linux Kernel 2.6.5	8

References

http://secunia.com/advisories/11577
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
http://www.osvdb.org/5997
http://www.securityfocus.com/bid/10302
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/16106