CVE-2004-2607
CVE-2004-2607 is a vulnerability of currently unknown severity. A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | 2.4.0 | Test1 |
| Linux | Linux Kernel | 2.4.18 | — |
| Linux | Linux Kernel | 2.4.19 | Pre1 |
| Linux | Linux Kernel | 2.4.21 | Pre1 |
| Linux | Linux Kernel | 2.4.22 | Pre10 |
| Linux | Linux Kernel | 2.4.23 | — |
| Linux | Linux Kernel | 2.4.23_ow2 | — |
| Linux | Linux Kernel | 2.4.24 | — |
| Linux | Linux Kernel | 2.4.24_ow1 | — |
| Linux | Linux Kernel | 2.4.25 | — |
| Linux | Linux Kernel | 2.4.26 | — |
| Linux | Linux Kernel | 2.4.27 | — |
| Linux | Linux Kernel | 2.4.28 | — |
| Linux | Linux Kernel | 2.4.29 | — |
| Linux | Linux Kernel | 2.6.0 | — |
| Linux | Linux Kernel | 2.6.1 | Rc1 |
| Linux | Linux Kernel | 2.6.2 | — |
| Linux | Linux Kernel | 2.6.3 | — |
| Linux | Linux Kernel | 2.6.4 | — |
| Linux | Linux Kernel | 2.6.5 | — |
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
