CVE-2004-2536

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2536
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.5	2.6.5.x
linux / linux_kernel	2.6.1	2.6.1.x
linux / linux_kernel	2.6.3	2.6.3.x
linux / linux_kernel	2.6.4	2.6.4.x
linux / linux_kernel	2.6.2	2.6.2.x
linux / linux_kernel	2.6.1-rc2	2.6.1-rc2.x
linux / linux_kernel	2.6.0	2.6.0.x
linux / linux_kernel	2.6.1-rc1	2.6.1-rc1.x

http://secunia.com/advisories/11577
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
http://www.osvdb.org/5997
http://www.securityfocus.com/bid/10302
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1242.html
http://www.ussg.iu.edu/hypermail/linux/kernel/0405.0/1265.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/16106

Vulnerability Database

289,599

CVE-2004-2536