CVE-2008-3535
First published: Fri Aug 08 2008(Updated: )
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <2.6.27 | |
| Linux Kernel | =2.6.27 | |
| Linux Kernel | =2.6.27-rc1 | |
| Debian GNU/Linux | =4.0 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =7.10 | |
| Ubuntu Linux | =8.04 | |
| Debian | =4.0 | |
| Ubuntu | =7.10 | |
| Ubuntu | =8.04 | |
| Ubuntu | =6.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.lkml.org/lkml/2008/7/30/446
- http://mirror.celinuxforum.org/gitstat/commit-detail.php?commit=94ad374a0751f40d25e22e036c37f7263569d24c
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2
- http://www.securityfocus.com/bid/31132
- http://www.debian.org/security/2008/dsa-1636
- http://secunia.com/advisories/31881
- http://www.redhat.com/support/errata/RHSA-2008-0857.html
- http://secunia.com/advisories/32190
- http://www.ubuntu.com/usn/usn-659-1
- http://secunia.com/advisories/32393
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44492
Frequently Asked Questions
What is the severity of CVE-2008-3535?
CVE-2008-3535 has been designated a medium severity level due to its ability to cause a denial of service.
How do I fix CVE-2008-3535?
To mitigate CVE-2008-3535, upgrade your Linux kernel to version 2.6.27 or later.
Which systems are affected by CVE-2008-3535?
CVE-2008-3535 affects Linux kernel versions prior to 2.6.27 and Debian 4.0 and various Ubuntu versions.
What type of attack does CVE-2008-3535 facilitate?
CVE-2008-3535 can facilitate a denial of service attack resulting in a system crash.
Is CVE-2008-3535 an exploit that requires remote access?
No, CVE-2008-3535 requires local user access to exploit the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.27
- version/linux kernel/2.6.27-rc1
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/4.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/7.10
- version/ubuntu linux/8.04
- canonical/debian
- version/debian/4.0
- canonical/ubuntu
- version/ubuntu/7.10
- version/ubuntu/8.04
- version/ubuntu/6.06