Vulnerability Details : CVE-2005-1589
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
Vulnerability category: Execute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2005-1589
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-1589
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
References for CVE-2005-1589
- http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html
-
http://marc.info/?l=linux-kernel&m=111630531515901&w=2
- http://www.vupen.com/english/advisories/2005/0557
-
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
Advisories - Mandriva Linux
- http://www.securityfocus.com/bid/13651
-
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html
Exploit;Patch;Vendor Advisory
-
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
Products affected by CVE-2005-1589
- cpe:2.3:o:linux:linux_kernel:*:rc4:*:*:*:*:*:*