CVE-2008-5393 : UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04

UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays.

Published 2008-12-09 00:30:00

Updated 2018-10-11 20:55:13

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-5393

Privacy-cd » Unbuntu Privacy Remix
Versions up to, including, (<=) 8.04
cpe:2.3:a:privacy-cd:unbuntu_privacy_remix:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-5393

EPSS FAQ

0.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-5393

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5393

CWE-264

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-5393

Red Hat 2008-12-09

Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. It only affected the Ubuntu Privacy Remix (UPR) kernel.

References for CVE-2008-5393