CVE

CVE-2006-2448

Date: (C)2006-06-23   (M)2023-12-22

Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.6
Exploit Score: 1.9
Impact Score: 9.2
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: COMPLETE

Reference:

BID-18616

2006-0037

http://www.securityfocus.com/archive/1/438168/100/0/threaded

SECUNIA-20703

SECUNIA-20831

SECUNIA-20991

SECUNIA-21179

SECUNIA-21465

SECUNIA-21498

SECUNIA-22417

ADV-2006-2451

RHSA-2006:0575

SUSE-SA:2006:042

SUSE-SA:2006:047

USN-311-1

http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm

http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c85d1f9d358b24c5b05c3a2783a78423775a080

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.21

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194215

oval:org.mitre.oval:def:10040