Race condition vulnerability in ia32 compatibility code for execve system call in Linux kernel 2.4 and 2.6 allows for denial of service and potential arbitrary code execution

Race condition vulnerability in ia32 compatibility code for execve system call in Linux kernel 2.4 and 2.6 allows for denial of service and potential arbitrary code execution

CVE-2005-1768 · LOW Severity

AV:L/AC:H/AU:N/C:P/I:P/A:P

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.