CVE-2003-0018

Linux kernel <2.4.22 - Info Disclosure

Title source: llm

Description

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.

References (7)

[Various Sources] http://linux.bkbits.net:8080/linux-2.4/cset%403e2f193drGJDBg9SG6JwaDQwCBnAMQ

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-423

[Vendor Advisory] http://www.iss.net/security_center/static/11249.php

[Various Sources] http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-025.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/6763

[Third Party Advisory] http://www.debian.org/security/2003/dsa-358

Scores

EPSS 0.0007

EPSS Percentile 20.9%

Classification

Status draft

Affected Products (10)

linux/linux_kernel

Timeline

Published Feb 19, 2003

Tracked Since Feb 18, 2026