CVE-2002-2016

User-mode Linux 2.4.17-8 - Local Arbitrary Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2016. PoCs published by Andrew Griffiths.

AI-analyzed exploit summary The provided text describes a vulnerability in User-Mode Linux (UML) where kernel address space is not properly protected from user programs, potentially allowing arbitrary code execution and privilege escalation. It references a known issue with UML's memory protection implementation.

Description

User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Andrew Griffiths · textlocallinux

https://www.exploit-db.com/exploits/21248

View Code ZIP pw:eip

The provided text describes a vulnerability in User-Mode Linux (UML) where kernel address space is not properly protected from user programs, potentially allowing arbitrary code execution and privilege escalation. It references a known issue with UML's memory protection implementation.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: User-Mode Linux (UML)

No auth needed

Prerequisites: Access to a UML environment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3973

Patch vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8005.php

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-01/0338.html

Scores

EPSS 0.0114

EPSS Percentile 62.6%

Details

Status published

Products (1)

user-mode_linux/user-mode_linux 2.4.17.8

Published Dec 31, 2002

Tracked Since Feb 18, 2026