CVE-2008-0600

EXPLOITED

Linux Kernel 2.6.17-2.6.24.1 - Local Privilege Escalation via vmsplice_to_pipe Pointer Dereference

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2008-0600 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including qaaz.

AI-analyzed exploit summary This exploit leverages the vmsplice vulnerability (CVE-2008-0600) in Linux kernels 2.6.23-2.6.24 to achieve local privilege escalation by manipulating kernel memory and overwriting process credentials.

Description

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Exploits (2)

exploitdb WORKING POC VERIFIED
by qaaz · clocallinux
https://www.exploit-db.com/exploits/5093

This exploit leverages the vmsplice vulnerability (CVE-2008-0600) in Linux kernels 2.6.23-2.6.24 to achieve local privilege escalation by manipulating kernel memory and overwriting process credentials.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel 2.6.23 - 2.6.24
No auth needed
Prerequisites: Local access to the vulnerable system · Kernel version 2.6.23-2.6.24
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by qaaz · clocallinux
https://www.exploit-db.com/exploits/5092

This is a local privilege escalation exploit for CVE-2008-0600, targeting a vulnerability in the Linux kernel's vmsplice system call (versions 2.6.17 to 2.6.24.1). It manipulates memory structures to gain root privileges by overwriting kernel memory.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel 2.6.17 - 2.6.24.1
No auth needed
Prerequisites: Local access to the target system · Vulnerable kernel version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (40)

Core 40
Core References
Exploit mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=120263652322197&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27801
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:043
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28858
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1494
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=432517
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-577-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28875
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28933
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0487/references
Exploit mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=120266353621139&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28889
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28937
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5092
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29245
Exploit mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=120264520431307&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28896
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28925
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28835
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-2237
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488009/100/0/threaded
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0052
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28912
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0129.html
Exploit mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=120266328220808&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019393
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30818
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=432229
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27704
Exploit mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=120264773202422&w=2

Scores

EPSS 0.0030
EPSS Percentile 53.7%

Details

VulnCheck KEV 2010-08-12
CWE
CWE-94
Status published
Products (32)
linux/linux_kernel 2.6.17 (7 CPE variants)
linux/linux_kernel 2.6.17.1
linux/linux_kernel 2.6.17.2
linux/linux_kernel 2.6.17.3
linux/linux_kernel 2.6.17.4
linux/linux_kernel 2.6.17.5
linux/linux_kernel 2.6.17.6
linux/linux_kernel 2.6.17.7
linux/linux_kernel 2.6.17.8
linux/linux_kernel 2.6.17.9
... and 22 more
Published Feb 12, 2008
Tracked Since Feb 18, 2026