CVE-2008-4302 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-4302 PUBLISHED CVSS 5.5 MEDIUM

fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.

EPSS 0.16% · 36.3th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.16%

36.3th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
debian	debian_linux	4.0
linux	linux_kernel	0
redhat	enterprise_linux	5.0

Timeline

Sep 29, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

[oss-security] 20080916 CVE request: kernel: splice: fix bad unlock_page() in error case mailing-list
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=6a860c979b35469e4d77da781a96bdb2ca05ae64 url
32485 third-party-advisory
32237 third-party-advisory
RHSA-2008:0957 vendor-advisory
linux-kernel-addtopagecachelru-dos(45191) vdb
DSA-1653 vendor-advisory
oval:org.mitre.oval:def:10547 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=462434 url
32759 third-party-advisory
[linux-kernel] 20070720 [PATCH] splice: fix bad unlock_page() in error case mailing-list
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2 url
SUSE-SR:2008:025 vendor-advisory
31201 vdb
http://www.juniper.net/security/auto/vulnerabilities/vuln31201.html url
https://nvd.nist.gov/vuln/detail/CVE-2008-4302 advisory
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=6a860c979b35469e4d77da781a96bdb2ca05ae64 url

Open in Interactive Console →