CVE-2003-0956

Linux kernel <2.4.22 - Info Disclosure

Title source: llm

Description

Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.

References (2)

[Various Sources] http://linux.bkbits.net:8080/linux-2.4/cset%403ef33d95ym_22QH2xwhDMt264M55Fg

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42942

Scores

EPSS 0.0008

EPSS Percentile 22.8%

Classification

Status draft

Affected Products (1)

linux/linux_kernel

Timeline

Published Dec 31, 2003

Tracked Since Feb 18, 2026