CVE-2004-0535
published 2004-08-06CVE-2004-0535: The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel…
PriorityP411low2.1CVSS 2.0
AVLACLAuNCPINAN
EPSS
0.47%
37.2th percentile
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| conectiva | linux | — | — |
| conectiva | linux | — | — |
| engardelinux | secure_community | — | — |
| engardelinux | secure_linux | — | — |
| gentoo | linux | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat2.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x8hf-49vp-fmqg: The e1000 driver for Linux kernel 2
ghsa_unreviewed·2022-05-03
CVE-2004-0535 [LOW] GHSA-x8hf-49vp-fmqg: The e1000 driver for Linux kernel 2
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
Red Hat
security flaw
vendor_redhat·2004-05-14·CVSS 2.1
CVE-2004-0535 [LOW] security flaw
security flaw
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0535 security flaw
bugzilla·2018-08-16·CVSS 2.1
CVE-2004-0535 [LOW] CVE-2004-0535 security flaw
CVE-2004-0535 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
Bugzilla
CAN-2004-0535 e100e1000 kernel memory leak (x86)
bugzilla·2004-06-03
[MEDIUM] CAN-2004-0535 e100e1000 kernel memory leak (x86)
CAN-2004-0535 e100e1000 kernel memory leak (x86)
According to
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log a
recent kernel fix was applied "e1000: fix probable security hole".
This issue in fact is a minor information leak via the e1000 driver
that can reveal 24 bytes of kernel memory to users (if e1000 driver is
loaded)
RHEL 2.1 is possibly vulnerable to this issue via the backported
driver added
No CVE name yet available
See Bug #125168 for a patch (will need to be backported)
Discussion:
CAN-2004-0535
---
This is covered by e1000 update in RHEL2.1 U5...
---
Reopening, needs to stay open until the release is actually shipped.
---
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed
Bugzilla
CAN-2004-0535 e1000 kernel memory leak (ia64)
bugzilla·2004-06-03
[MEDIUM] CAN-2004-0535 e1000 kernel memory leak (ia64)
CAN-2004-0535 e1000 kernel memory leak (ia64)
According to
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.log a
recent kernel fix was applied "e1000: fix probable security hole".
This issue in fact is a minor information leak via the e1000 driver
that can reveal 24 bytes of kernel memory to users (if e1000 driver is
loaded)
No CVE name yet available
See Bug #125168 for a patch (will need to be backported)
Discussion:
CAN-2004-0535
---
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http:
ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.aschttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845http://lwn.net/Articles/91155/http://security.gentoo.org/glsa/glsa-200407-02.xmlhttp://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.loghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:062http://www.novell.com/linux/security/advisories/2004_20_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2004-413.htmlhttp://www.redhat.com/support/errata/RHSA-2004-418.htmlhttp://www.securityfocus.com/bid/10352https://exchange.xforce.ibmcloud.com/vulnerabilities/16159https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11136ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.aschttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=125168http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000845http://lwn.net/Articles/91155/http://security.gentoo.org/glsa/glsa-200407-02.xmlhttp://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.27.loghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:062http://www.novell.com/linux/security/advisories/2004_20_kernel.htmlhttp://www.redhat.com/support/errata/RHSA-2004-413.htmlhttp://www.redhat.com/support/errata/RHSA-2004-418.htmlhttp://www.securityfocus.com/bid/10352https://exchange.xforce.ibmcloud.com/vulnerabilities/16159https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11136
2004-08-06
Published