VDB
CVE-2006-1524
CVE-2006-1524
PUBLISHED
CVSS 3.5999999046325684 LOW
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
EPSS 0.07% · 20.6th percentile
Risk Scores
CVSS 2.0
3.5999999046325684
EPSS Score
0.07%
20.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| linux | linux_kernel | 2.6.16.1, 2.6.16.2, 2.6.16.3 |
Timeline
- Apr 19, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- linux-madvise-security-bypass(25870) vdb
- 19735 third-party-advisory
- ADV-2006-2554 vdb
- ADV-2006-1391 vdb
- 19664 third-party-advisory
- FEDORA-2006-423 vendor-advisory
- DSA-1097 vendor-advisory
- SUSE-SA:2006:028 vendor-advisory
- DSA-1103 vendor-advisory
- 24714 vdb
- 17587 vdb
- ADV-2006-1475 vdb
- 20398 third-party-advisory
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6 url
- 19657 third-party-advisory
- 20671 third-party-advisory
- 20914 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-1524 advisory
- http://lwn.net/Alerts/180820 url