CVE-2006-1524

Linux kernel <2.6.16.7 - Privilege Escalation

Title source: llm

Description

madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.

References (17)

[Various Sources] http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.6

[Various Sources] http://lwn.net/Alerts/180820/

[Patch, Vendor Advisory] http://secunia.com/advisories/19657

[Vendor Advisory] http://secunia.com/advisories/19664

[Vendor Advisory] http://secunia.com/advisories/19735

[Vendor Advisory] http://secunia.com/advisories/20398

[Vendor Advisory] http://secunia.com/advisories/20671

[Vendor Advisory] http://secunia.com/advisories/20914

[Patch] http://www.securityfocus.com/bid/17587

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/1391

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/1475

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/2554

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25870

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2006-05-31.html

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1097

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1103

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24714

Scores

EPSS 0.0007

EPSS Percentile 20.1%

Classification

CWE

CWE-264

Status draft

Affected Products (7)

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

Timeline

Published Apr 19, 2006

Tracked Since Feb 18, 2026