CVE-2005-0736

Linux kernel <2.6.12 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0736. PoCs published by alert7, sd.

AI-analyzed exploit summary: This exploit targets a local privilege escalation vulnerability in Linux kernels up to 2.6.11 due to an integer overflow in sys_epoll_wait. It overwrites kernel memory to escalate privileges to root by manipulating the IDT and thread structures.

Description

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by alert7 · c · local · linux
https://www.exploit-db.com/exploits/1397

This exploit targets a local privilege escalation vulnerability in Linux kernels up to 2.6.11 due to an integer overflow in sys_epoll_wait. It overwrites kernel memory to escalate privileges to root by manipulating the IDT and thread structures.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux Kernel <= 2.6.11
No auth needed
Prerequisites: Local access to the target system · Kernel version <= 2.6.11
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by sd · c · local · linux
https://www.exploit-db.com/exploits/25202

This exploit leverages a local integer overflow vulnerability in the Linux kernel (2.6.11 and below) to overwrite low kernel memory, facilitating privilege escalation. It manipulates the epoll subsystem to achieve arbitrary kernel memory writes and modifies the IDT to execute a custom stub in ring 0.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel 2.6.11 and below
No auth needed
Prerequisites: Local access to the target system · Kernel version 2.6.11 or below
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-366.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12763
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_18_kernel.html
Patch, Vendor Advisory mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032314.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9870
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-293.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/95-1/

Scores

EPSS 0.0209
EPSS Percentile 79.2%

Details

Status published
Products (17)
conectiva/linux 10.0
linux/linux_kernel 2.6.0
linux/linux_kernel 2.6.1
linux/linux_kernel 2.6.2
linux/linux_kernel 2.6.3
linux/linux_kernel 2.6.4
linux/linux_kernel 2.6.5
linux/linux_kernel 2.6.6
linux/linux_kernel 2.6.7
linux/linux_kernel 2.6.8
... and 7 more
Published Mar 09, 2005
Tracked Since Feb 18, 2026