CVE-2008-0600

EXPLOITED

Linux Kernel - Code Injection

Title source: rule

Description

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Exploits (2)

exploitdb WORKING POC VERIFIED
by qaaz · clocallinux
https://www.exploit-db.com/exploits/5093
exploitdb WORKING POC VERIFIED
by qaaz · clocallinux
https://www.exploit-db.com/exploits/5092

References (40)

... and 20 more

Scores

EPSS 0.0028
EPSS Percentile 51.2%

Details

VulnCheck KEV 2010-08-12
CWE
CWE-94
Status published
Products (32)
linux/linux_kernel 2.6.17 (7 CPE variants)
linux/linux_kernel 2.6.17.1
linux/linux_kernel 2.6.17.2
linux/linux_kernel 2.6.17.3
linux/linux_kernel 2.6.17.4
linux/linux_kernel 2.6.17.5
linux/linux_kernel 2.6.17.6
linux/linux_kernel 2.6.17.7
linux/linux_kernel 2.6.17.8
linux/linux_kernel 2.6.17.9
... and 22 more
Published Feb 12, 2008
Tracked Since Feb 18, 2026