ID CVE-2008-5300
Summary Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 11-10-2018 - 20:54)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
oval via4
  • accepted 2013-04-29T04:04:17.450-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
    family unix
    id oval:org.mitre.oval:def:10283
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
    version 24
  • accepted 2010-08-23T04:00:06.682-04:00
    class vulnerability
    contributors
    name Chandan M C
    organization Hewlett-Packard
    definition_extensions
    comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
    description Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
    family unix
    id oval:org.mitre.oval:def:11427
    status accepted
    submitted 2010-07-10T10:25:06.000-05:00
    title Service Console update for COS kernel
    version 5
redhat via4
advisories
  • bugzilla
    id 476184
    title RHEL5.3 pv guests crash randomly on reboot orders.
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225002
        • comment kernel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314003
      • AND
        • comment kernel-PAE is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225020
        • comment kernel-PAE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314021
      • AND
        • comment kernel-PAE-devel is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225022
        • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314023
      • AND
        • comment kernel-debug is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225010
        • comment kernel-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314015
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225006
        • comment kernel-debug-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314009
      • AND
        • comment kernel-devel is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225014
        • comment kernel-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314007
      • AND
        • comment kernel-doc is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225024
        • comment kernel-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314025
      • AND
        • comment kernel-headers is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225004
        • comment kernel-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314005
      • AND
        • comment kernel-kdump is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225018
        • comment kernel-kdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314017
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225016
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314019
      • AND
        • comment kernel-xen is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225008
        • comment kernel-xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314011
      • AND
        • comment kernel-xen-devel is earlier than 0:2.6.18-128.el5
          oval oval:com.redhat.rhsa:tst:20090225012
        • comment kernel-xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20080314013
    rhsa
    id RHSA-2009:0225
    released 2009-01-20
    severity Important
    title RHSA-2009:0225: Red Hat Enterprise Linux 5.3 kernel security and bug fix update (Important)
  • rhsa
    id RHSA-2009:0014
  • rhsa
    id RHSA-2009:0053
  • rhsa
    id RHSA-2009:1550
rpms
  • kernel-0:2.6.9-78.0.13.EL
  • kernel-devel-0:2.6.9-78.0.13.EL
  • kernel-doc-0:2.6.9-78.0.13.EL
  • kernel-hugemem-0:2.6.9-78.0.13.EL
  • kernel-hugemem-devel-0:2.6.9-78.0.13.EL
  • kernel-largesmp-0:2.6.9-78.0.13.EL
  • kernel-largesmp-devel-0:2.6.9-78.0.13.EL
  • kernel-smp-0:2.6.9-78.0.13.EL
  • kernel-smp-devel-0:2.6.9-78.0.13.EL
  • kernel-xenU-0:2.6.9-78.0.13.EL
  • kernel-xenU-devel-0:2.6.9-78.0.13.EL
  • kernel-0:2.6.18-128.el5
  • kernel-PAE-0:2.6.18-128.el5
  • kernel-PAE-devel-0:2.6.18-128.el5
  • kernel-debug-0:2.6.18-128.el5
  • kernel-debug-devel-0:2.6.18-128.el5
  • kernel-devel-0:2.6.18-128.el5
  • kernel-doc-0:2.6.18-128.el5
  • kernel-headers-0:2.6.18-128.el5
  • kernel-kdump-0:2.6.18-128.el5
  • kernel-kdump-devel-0:2.6.18-128.el5
  • kernel-xen-0:2.6.18-128.el5
  • kernel-xen-devel-0:2.6.18-128.el5
  • kernel-0:2.4.21-63.EL
  • kernel-BOOT-0:2.4.21-63.EL
  • kernel-doc-0:2.4.21-63.EL
  • kernel-hugemem-0:2.4.21-63.EL
  • kernel-hugemem-unsupported-0:2.4.21-63.EL
  • kernel-smp-0:2.4.21-63.EL
  • kernel-smp-unsupported-0:2.4.21-63.EL
  • kernel-source-0:2.4.21-63.EL
  • kernel-unsupported-0:2.4.21-63.EL
refmap via4
bid 32516
bugtraq
  • 20081209 rPSA-2008-0332-1 kernel
  • 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
confirm
debian DSA-1681
fedora FEDORA-2008-11618
mandriva MDVSA-2009:032
mlist
  • [linux-netdev] 20081120 soft lockups/OOM after unix socket fixes
  • [linux-netdev] 20081125 [PATCH] Fix soft lockups/OOM issues w/ unix garbage collector
osvdb 50272
secunia
  • 32913
  • 32998
  • 33083
  • 33348
  • 33556
  • 33706
  • 33756
  • 33854
sreason 4673
ubuntu
  • USN-714-1
  • USN-715-1
xf linux-kernel-sendmsg-dos(46943)
Last major update 11-10-2018 - 20:54
Published 01-12-2008 - 17:30
Back to Top