CVE-2004-0535

7 documents5 sources

Severity

2.1LOW

EPSS

0.1%

top 67.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Conectiva Linux Engardelinux Secure Community Engardelinux Secure Linux +7 more

Timeline

PublishedAug 6

Latest updateMay 3

Description

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages10 packages

▶NVDlinux/linux_kernel30 versions+29

▶NVDgentoo/linux1.4

▶NVDconectiva/linux8.0, 9.0+1

▶NVDsuse/suse_linux7 versions+6

▶NVDengardelinux/secure_linux1.5

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-x8hf-49vp-fmqg: The e1000 driver for Linux kernel 2↗2022-05-03

▶

CVEList

CVE-2004-0535: The e1000 driver for Linux kernel 2↗2004-06-08

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-05-14

▶

💬Community

Bugzilla

CVE-2004-0535 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-0535 e100e1000 kernel memory leak (x86)↗2004-06-03

▶

Bugzilla

CAN-2004-0535 e1000 kernel memory leak (ia64)↗2004-06-03

▶