CVE-2008-5300

Severity

49%

Complexity

39%

Confidentiality

115%

Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.

Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 16 years ago

2008-12-01 17:30:00

Last updated 6 years ago

2018-10-11 20:54:00

Affected Software

Linux Kernel 2.6.28

2.6.28

Linux Kernel 2.6.28 Release Candidate 1

2.6.28

Linux Kernel 2.6.28 Release Candidate 2

2.6.28

Linux Kernel 2.6.28 Release Candidate 3

2.6.28

Linux Kernel 2.6.28 Release Candidate 4

2.6.28

Linux Kernel 2.6.28 Release Candidate 5

2.6.28

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259

[linux-netdev] 20081120 soft lockups/OOM after unix socket fixes

[linux-netdev] 20081125 [PATCH] Fix soft lockups/OOM issues w/ unix garbage collector

50272

32913

32998

33083

33348

33556

33706

33756

33854

4673

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332

DSA-1681

MDVSA-2009:032

RHSA-2009:0014

RHSA-2009:0053

20081209 rPSA-2008-0332-1 kernel

20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

32516

USN-715-1

https://bugzilla.redhat.com/show_bug.cgi?id=470201

Vendor Advisory

linux-kernel-sendmsg-dos(46943)

https://issues.rpath.com/browse/RPL-2915

oval:org.mitre.oval:def:10283

oval:org.mitre.oval:def:11427

RHSA-2009:1550

USN-714-1

FEDORA-2008-11618

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.