CVE-2007-3719 - The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that pe

CVE-2007-3719

Summary

The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 15-11-2008 - 06:53)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc	http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf
osvdb	37127

statements via4

contributor	Tomas Hoger
lastmodified	2009-10-26
organization	Red Hat
statement	The Red Hat Security Response Team has rated this issue as having moderate security impact. The risks associated with fixing this bug are greater than the moderate severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG.

Last major update

15-11-2008 - 06:53

Published

12-07-2007 - 16:30

Last modified

15-11-2008 - 06:53