CVE-2008-3535
MediumOff-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the Linux Test Project.
CVSS 2.0 score
4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
Weakness type
CWE-193CVE-2008-3535 is classified as CWE-193
See CWE-193 on MITRE CWE for full details on this weakness type.
References
The following references provide additional information about CVE-2008-3535 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
Broken Link
-
Third Party Advisory
-
Third Party Advisory
-
Third Party Advisory
-
Debian Securityhttp://www.debian.org/security/2008/dsa-1636Third Party Advisory
-
Broken Link
-
Exploit Third Party Advisory
-
Third Party Advisory
-
Securityfocushttp://www.securityfocus.com/bid/31132Third Party Advisory VDB Entry
-
Ubuntu Securityhttp://www.ubuntu.com/usn/usn-659-1Third Party Advisory
-
Third Party Advisory VDB Entry
Frequently asked questions
-
What is CVE-2008-3535?
CVE-2008-3535 is a Medium severity Linux kernel vulnerability with a CVSS score of 4.9 out of 10 . CVE-2008-3535 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2008-3535?
CVE-2008-3535 has a CVSS score of 4.9 out of 10, rated Medium severity (CVSS 2.0). The vector string is
AV:L/AC:L/Au:N/C:N/I:N/A:C. -
Is there a patch available for CVE-2008-3535?
No patch is currently available for CVE-2008-3535. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2008-3535 actively exploited?
No — CVE-2008-3535 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.