Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1016 — Kernel vulnerability

7 documents7 sources

Severity

2.1LOWNVD

EPSS

0.4%

top 38.82%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Kernel Ubuntu Linux

Timeline

PublishedJan 10

Latest updateApr 29

Description

The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDlinux/linux_kernel42 versions+41

Also affects: Ubuntu Linux 4.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-xx2p-5w38-cw49: The scm_send function in the scm layer for Linux kernel 2↗2022-04-29

▶

CVEList

CVE-2004-1016: The scm_send function in the scm layer for Linux kernel 2↗2004-12-15

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 2.4.28/2.6.9 - 'scm_send Local' Denial of Service↗2004-12-14

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2004-12-15

▶

Red Hat

security flaw↗2004-12-08

▶

💬Community

Bugzilla

CVE-2004-1016 security flaw↗2018-08-16

▶