CVE-2005-0815

Linux Kernel <= 2.6.11 - Denial of Service or Memory Corruption via ISO9660 Filesystem Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0815. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This exploit targets a Linux kernel vulnerability (CVE-2005-0815) in ISO9660 filesystem handling. It creates a malformed ISO image with corrupted directory structures and repeatedly mounts it to trigger a kernel oops or crash, potentially leading to arbitrary code execution with ring-zero privileges.

Description

Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michal Zalewski · bashdoslinux

https://www.exploit-db.com/exploits/25234

View Code ZIP pw:eip

This exploit targets a Linux kernel vulnerability (CVE-2005-0815) in ISO9660 filesystem handling. It creates a malformed ISO image with corrupted directory structures and repeatedly mounts it to trigger a kernel oops or crash, potentially leading to arbitrary code execution with ring-zero privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Linux kernel up to and including version 2.6.11

No auth needed

Prerequisites: Access to a vulnerable Linux system · Ability to mount ISO images

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/1878

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18684

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/19741

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-366.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12837

Various Sources x_refsource_confirm

http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.12-rc1

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2006-0190.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/393590

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17002

Issue Tracking vendor-advisory x_refsource_fedora

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:072

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-663.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9307

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2006-0191.html

Scores

EPSS 0.1343

EPSS Percentile 95.9%

Details

Status published

Products (50)

linux/linux_kernel 2.0

linux/linux_kernel 2.0.1

linux/linux_kernel 2.0.2

linux/linux_kernel 2.0.3

linux/linux_kernel 2.0.4

linux/linux_kernel 2.0.5

linux/linux_kernel 2.0.6

linux/linux_kernel 2.0.7

linux/linux_kernel 2.0.8

linux/linux_kernel 2.0.9

... and 40 more

Published May 02, 2005

Tracked Since Feb 18, 2026