CVE-2006-7051
published 2007-02-24
Priority P418 · medium · 4.9 · CVSS 2.0
AV:L/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS 0.88% · 54.7th percentile
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
nvd · v2.0 · 4.9 MEDIUM · AV:L/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat · 4.9 MEDIUM
Red Hat
CVE-2006-7051: The sys_timer_create function in posix-timers
vendor_redhat·CVSS 4.9
Statement: This issue can only be exploited if pending signals (ulimit -i) is set to "unlimited". In case of Red Hat Enterprise Linux version 2.1, 3 and 4 this is not the case and therefore they are not vulnerable to this issue.
GHSA
GHSA-f3g2-mvp2-3pxr: The sys_timer_create function in posix-timers
ghsa_unreviewed·2022-05-01
No detection rules found.
No writeups or analysis indexed.
http://securityreason.com/securityalert/2287
http://www.securityfocus.com/archive/1/430278/30/5790/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25712
https://www.exploit-db.com/exploits/1657
Published: 2007-02-24