VULHUB ™

It is reported that in certain cases, the Linux kernel fails to properly call defined security module functions in its SCM system. This vulnerability may allow local attackers to bypass the expected security measures when passing file descriptors. The exact results of this vulnerability depend on the implementation of applications that utilize file descriptor passing. It is conjectured that this may result in open file descriptors being passed to processes that would not normally be able to access them. This may lead to attackers gaining access to read or modify files that would normally be denied to them. This vulnerability is reported to exist in the Linux kernel in the 2.6 series, in versions prior to 2.6.10.

It is reported that in certain cases, the Linux kernel fails to properly call defined security module functions in its SCM system. This vulnerability may allow local attackers to bypass the expected security measures when passing file descriptors. The exact results of this vulnerability depend on the implementation of applications that utilize file descriptor passing. It is conjectured that this may result in open file descriptors being passed to processes that would not normally be able to access them. This may lead to attackers gaining access to read or modify files that would normally be denied to them. This vulnerability is reported to exist in the Linux kernel in the 2.6 series, in versions prior to 2.6.10.