Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-3247

The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.

Published

2008-07-24T15:41:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System linux linux_kernel 2.6.25 Yes
Operating System linux linux_kernel 2.6.25.1 Yes
Operating System linux linux_kernel 2.6.25.2 Yes
Operating System linux linux_kernel 2.6.25.3 Yes
Operating System linux linux_kernel 2.6.25.4 Yes
Operating System linux linux_kernel 2.6.25.5 Yes
Operating System linux linux_kernel 2.6.25.6 Yes
Operating System linux linux_kernel 2.6.25.7 Yes
Operating System linux linux_kernel 2.6.25.8 Yes
Operating System linux linux_kernel 2.6.25.9 Yes
Operating System linux linux_kernel 2.6.25.10 Yes
Operating System linux linux_kernel 2.6.25.11 Yes
Operating System linux linux_kernel 2.6.25.12 Yes
References