CVE-2004-0427 : The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does

The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory exhaustion) via the clone (CLONE_VM) system call.

Published 2004-07-07 04:00:00

Updated 2024-01-26 18:56:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2004-0427

Linux » Linux Kernel
Versions from including (>=) 2.4.0 and before (<) 2.4.26
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 2.6.0 and before (<) 2.6.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0427

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0427

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2004-0427

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2004-0427

http://marc.info/?l=linux-kernel&m=108139073506983&w=2

'[PATCH]: 2.4/2.6 do_fork() error path memory leak' - MARC
Mailing List;Third Party Advisory
http://secunia.com/advisories/11891

About Secunia Research | Flexera
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10297

404 Not Found
Broken Link
http://www.ciac.org/ciac/bulletins/o-164.shtml

Broken Link
http://www.redhat.com/support/errata/RHSA-2004-260.html

Support
Broken Link

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc

Broken Link;Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/10221

Broken Link;Third Party Advisory;VDB Entry
http://secunia.com/advisories/11541

About Secunia Research | Flexera
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-255.html

Support
Broken Link

CVEs referencing this url
http://fedoranews.org/updates/FEDORA-2004-111.shtml

FedoraNEWS.ORG
Third Party Advisory

CVEs referencing this url
http://www.turbolinux.com/security/2004/TLSA-2004-14.txt

404 Not Found
Broken Link

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1069

[SECURITY] [DSA 1069-1] New Linux kernel 2.4.18 packages fix several vulnerabilities
Broken Link

CVEs referencing this url
http://secunia.com/advisories/11486

About Secunia Research | Flexera
Broken Link
http://secunia.com/advisories/11861

About Secunia Research | Flexera
Broken Link
http://www.novell.com/linux/security/advisories/2004_10_kernel.html

404 Page Not Found | SUSE
Broken Link

CVEs referencing this url
http://secunia.com/advisories/11429

About Secunia Research | Flexera
Broken Link

CVEs referencing this url
http://secunia.com/advisories/11892

About Secunia Research | Flexera
Broken Link
http://linux.bkbits.net:8080/linux-2.4/cset@407bf20eDeeejm8t36_tpvSE-8EFHA
https://exchange.xforce.ibmcloud.com/vulnerabilities/16002

Linux kernel do_fork memory leak CVE-2004-0427 Vulnerability Report
Third Party Advisory;VDB Entry
http://linux.bkbits.net:8080/linux-2.6/cset@407b1217x4jtqEkpFW2g_-RcF0726A
http://secunia.com/advisories/20202

About Secunia Research | Flexera
Broken Link
http://www.redhat.com/support/errata/RHSA-2004-327.html

Support
Broken Link
http://www.debian.org/security/2006/dsa-1082

[SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities
Broken Link

CVEs referencing this url
http://secunia.com/advisories/20163

About Secunia Research | Flexera
Broken Link
http://security.gentoo.org/glsa/glsa-200407-02.xml

Linux Kernel: Multiple vulnerabilities (GLSA 200407-02) — Gentoo security
Broken Link

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2004:037

Advisories - Mandriva Linux
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/20162

About Secunia Research | Flexera
Broken Link
http://linux.bkbits.net:8080/linux-2.4/cset%40407bf20eDeeejm8t36_tpvSE-8EFHA

Broken Link
http://secunia.com/advisories/11464

About Secunia Research | Flexera
Broken Link
http://www.debian.org/security/2006/dsa-1070

[SECURITY] [DSA 1070-1] New Linux kernel 2.4.19 packages fix several vulnerabilities
Broken Link

CVEs referencing this url
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846

CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
Broken Link

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20040505-01-U.asc

Broken Link;Patch;Vendor Advisory

CVEs referencing this url
http://linux.bkbits.net:8080/linux-2.6/cset%40407b1217x4jtqEkpFW2g_-RcF0726A

Broken Link
http://secunia.com/advisories/20338

About Secunia Research | Flexera
Third Party Advisory
http://www.debian.org/security/2006/dsa-1067

[SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities
Broken Link

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2819

404 Not Found
Broken Link

Jump to

Vulnerability Details : CVE-2004-0427

Products affected by CVE-2004-0427

Exploit prediction scoring system (EPSS) score for CVE-2004-0427

CVSS scores for CVE-2004-0427

CWE ids for CVE-2004-0427

References for CVE-2004-0427