CVE-2006-5757

Linux Kernel - Denial of Service via ISO9660 Filesystem Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5757. PoCs published by LMH.

AI-analyzed exploit summary: The provided text describes a local denial-of-service vulnerability in the Linux kernel's ISO9660 filesystem handling code. It references an external source for the exploit payload but does not contain executable code itself.

Description

Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.

Exploits (1)

exploitdb WRITEUP VERIFIED
by LMH · text · dos · linux
https://www.exploit-db.com/exploits/28912

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Theoretical
Target: Linux kernel (versions affected by CVE-2006-5757)
No auth needed
Prerequisites: Local access to the target system · Ability to mount an ISO9660 filesystem
devstral-2 · analyzed Feb 16, 2026

References (23)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24098
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20920
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30029
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4359
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2007-0014.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23593
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-416-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10111
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23752
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24206
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23474
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22746
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23997
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471457
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:002
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1304
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25714
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25691
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22702

Scores

EPSS 0.0076
EPSS Percentile 50.3%

Details

CWE: CWE-17, CWE-399
Status: published
Products (26)
linux/linux_kernel 2.6.0 test1 (11 CPE variants)
linux/linux_kernel 2.6.1 (3 CPE variants)
linux/linux_kernel 2.6.2
linux/linux_kernel 2.6.3
linux/linux_kernel 2.6.4
linux/linux_kernel 2.6.5
linux/linux_kernel 2.6.6 (2 CPE variants)
linux/linux_kernel 2.6.7 (2 CPE variants)
linux/linux_kernel 2.6.8 (4 CPE variants)
linux/linux_kernel 2.6.9 2.6.20
... and 16 more
Published Nov 06, 2006
Tracked Since Feb 18, 2026