CVE-2007-1865: Red Hat Enterprise Linux vulnerability

CWE-189 | 4 documents | 3 sources
Severity: 1.9 LOW (NVD)
EPSS: 0.1% (top 82.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 18
Latest update: May 1

Description

The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5.1.0 allows local users to obtain sensitive information (kernel memory contents) via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when copying header info to the user's buffer."

CVSS vector

AV:L/AC:M/C:P/I:N/A:N | Exploitability: 3.4 | Impact: 2.9

Affected Packages: 0 packages

Also affects: Enterprise Linux 5.1.0

🔴 Vulnerability Details (1)

GHSA | GHSA-6j47-h927-wmwr: ** DISPUTED ** The ipv6_getsockopt_sticky function in the kernel in Red Hat Enterprise Linux (RHEL) Beta 5 | 2022-05-01

💬 Community (2)

Bugzilla | CVE-2007-1865 ipv6_getsockopt_sticky copy_to_user leak | 2007-05-04
Bugzilla | CVE-2007-1865 ipv6_getsockopt_sticky copy_to_user leak | 2007-03-13