Vulnerability Details : CVE-2008-3534
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
Vulnerability category: Denial of service
Threat overview for CVE-2008-3534
Top countries where our scanners detected CVE-2008-3534
Top open port discovered on systems with this issue
53
IPs affected by CVE-2008-3534 1,530
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2008-3534!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-3534
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3534
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2008-3534
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3534
-
Red Hat 2009-01-15This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44489
Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/31134
Third Party Advisory;VDB Entry
-
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=14fcc23fdc78e9d32372553ccf21758a9bd56fa1
Broken Link
-
http://www.debian.org/security/2008/dsa-1636
Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1
Broken Link
-
http://www.ubuntu.com/usn/usn-659-1
Third Party Advisory
-
http://lkml.org/lkml/2008/7/26/71
Exploit;Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-0857.html
Third Party Advisory
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*