CVE-2004-2536

Linux kernel 2.6-2.6.5 - Privilege Escalation

Title source: llm

Description

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

References (7)

[Vendor Advisory] http://secunia.com/advisories/11577

[Exploit, Patch] http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html

[Various Sources] http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16106

[Vendor Advisory] http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/10302

[Third Party Advisory, VDB Entry] http://www.osvdb.org/5997

Scores

EPSS 0.0048

EPSS Percentile 64.8%

Classification

Status draft

Affected Products (8)

linux/linux_kernel

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026