CVE-2004-1070

7 documents5 sources

Severity

7.2HIGH

EPSS

0.1%

top 79.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedJan 10

Latest updateMay 3

Description

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages7 packages

▶NVDlinux/linux_kernel41 versions+40

▶NVDsuse/suse_linux7 versions+6

▶NVDtrustix/secure_linux4 versions+3

▶NVDturbolinux/turbolinux_server10.0

▶NVDredhat/enterprise_linux_desktop3.0

Also affects: Enterprise Linux 2.1, 3.0

🔴Vulnerability Details

GHSA

GHSA-92gj-7w52-q2cw: The load_elf_binary function in the binfmt_elf loader (binfmt_elf↗2022-05-03

▶

CVEList

CVE-2004-1070: The load_elf_binary function in the binfmt_elf loader (binfmt_elf↗2004-12-01

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-11-10

▶

💬Community

Bugzilla

CVE-2004-1070 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)↗2004-10-06

▶

Bugzilla

CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)↗2004-10-06

▶