Description
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Paul Starzetz · clocallinux
https://www.exploit-db.com/exploits/160
exploitdb
WORKING POC
VERIFIED
by Christophe Devine · clocallinux
https://www.exploit-db.com/exploits/154
References (36)
... and 16 more
Scores
EPSS
0.0011
EPSS Percentile
29.1%
Details
Status
published
Products (36)
linux/linux_kernel
2.2.0
linux/linux_kernel
2.2.1
linux/linux_kernel
2.2.2
linux/linux_kernel
2.2.3
linux/linux_kernel
2.2.4
linux/linux_kernel
2.2.5
linux/linux_kernel
2.2.6
linux/linux_kernel
2.2.7
linux/linux_kernel
2.2.8
linux/linux_kernel
2.2.9
... and 26 more
Published
Mar 03, 2004
Tracked Since
Feb 18, 2026