ID CVE-2007-3719
Summary The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 15-11-2008 - 06:53)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
refmap via4
misc http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf
osvdb 37127
statements via4
contributor Tomas Hoger
lastmodified 2009-10-26
organization Red Hat
statement The Red Hat Security Response Team has rated this issue as having moderate security impact. The risks associated with fixing this bug are greater than the moderate severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG.
Last major update 15-11-2008 - 06:53
Published 12-07-2007 - 16:30
Back to Top