CVE-2003-0956

Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-0956
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:L/AC:H/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.4.22	2.4.22.x

http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg
http://linux.bkbits.net:8080/linux-2.4/cset%403ef33d95ym_22QH2xwhDMt264M55Fg
https://exchange.xforce.ibmcloud.com/vulnerabilities/42942

Vulnerability Database

289,784

CVE-2003-0956