Strix
26.1K

CVE-2004-0435

UnknownEPSS 0.33%

Last modified

CVE-2004-0435 is a vulnerability of currently unknown severity. Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.

Metrics

EPSS Probability
0.33%

24.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
FreebsdFreebsd4.0Releng
FreebsdFreebsd4.8
FreebsdFreebsd4.9
FreebsdFreebsd4.10
FreebsdFreebsd5.2
FreebsdFreebsd5.2.1Release

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2004-0435?
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
How severe is CVE-2004-0435?
Severity scoring for CVE-2004-0435 is pending analysis. The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.
How do I fix CVE-2004-0435?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-0435?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST