NVD

CVE-2008-0600 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 7.2 HIGH

Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Vendor Statements (disclaimer)

Official Statement from Red Hat (02/13/2008)

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4. Updated kernel packages are available to correct this issue for Red Hat Enterprise Linux 5: https://rhn.redhat.com/errata/RHSA-2008-0129.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://marc.info/?l=linux-kernel&m=120263652322197&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120263652322197&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120264520431307&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120264520431307&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120264773202422&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120264773202422&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120266328220808&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120266328220808&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120266353621139&w=2	Exploit
http://marc.info/?l=linux-kernel&m=120266353621139&w=2	Exploit
http://secunia.com/advisories/28835
http://secunia.com/advisories/28835
http://secunia.com/advisories/28858
http://secunia.com/advisories/28858
http://secunia.com/advisories/28875
http://secunia.com/advisories/28875
http://secunia.com/advisories/28889
http://secunia.com/advisories/28889
http://secunia.com/advisories/28896
http://secunia.com/advisories/28896
http://secunia.com/advisories/28912
http://secunia.com/advisories/28912
http://secunia.com/advisories/28925
http://secunia.com/advisories/28925
http://secunia.com/advisories/28933
http://secunia.com/advisories/28933
http://secunia.com/advisories/28937
http://secunia.com/advisories/28937
http://secunia.com/advisories/29245
http://secunia.com/advisories/29245
http://secunia.com/advisories/30818
http://secunia.com/advisories/30818
http://securitytracker.com/id?1019393
http://securitytracker.com/id?1019393
http://wiki.rpath.com/Advisories:rPSA-2008-0052
http://wiki.rpath.com/Advisories:rPSA-2008-0052
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052
http://www.debian.org/security/2008/dsa-1494
http://www.debian.org/security/2008/dsa-1494
http://www.mandriva.com/security/advisories?name=MDVSA-2008:043
http://www.mandriva.com/security/advisories?name=MDVSA-2008:043
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
http://www.redhat.com/support/errata/RHSA-2008-0129.html
http://www.redhat.com/support/errata/RHSA-2008-0129.html
http://www.securityfocus.com/archive/1/488009/100/0/threaded
http://www.securityfocus.com/archive/1/488009/100/0/threaded
http://www.securityfocus.com/bid/27704
http://www.securityfocus.com/bid/27704
http://www.securityfocus.com/bid/27801
http://www.securityfocus.com/bid/27801
http://www.ubuntu.com/usn/usn-577-1
http://www.ubuntu.com/usn/usn-577-1
http://www.vupen.com/english/advisories/2008/0487/references
http://www.vupen.com/english/advisories/2008/0487/references
https://bugzilla.redhat.com/show_bug.cgi?id=432229
https://bugzilla.redhat.com/show_bug.cgi?id=432229
https://bugzilla.redhat.com/show_bug.cgi?id=432517
https://bugzilla.redhat.com/show_bug.cgi?id=432517
https://issues.rpath.com/browse/RPL-2237
https://issues.rpath.com/browse/RPL-2237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358
https://www.exploit-db.com/exploits/5092
https://www.exploit-db.com/exploits/5092
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-94	Improper Control of Generation of Code ('Code Injection')	NIST

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

cpe:2.3:o:linux:linux_kernel:2.6.17:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.1:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.2:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.3:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.4:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.5:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.6:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.7:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.8:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.9:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.10:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.11:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.12:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.13:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.17.14:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.1:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.2:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.3:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.4:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.5:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.6:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.7:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.18.8:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19:rc4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19.1:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19.2:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.19.3:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.1:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.2:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.3:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.4:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.5:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.6:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.7:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.8:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.9:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.10:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.11:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.12:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.13:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.14:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.20.15:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:git1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:git2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:git3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:git4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:git5:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:git6:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:git7:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21.1:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21.2:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21.3:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.21.4:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22.1:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22.3:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22.4:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22.5:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22.6:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22.7:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.22.16:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.1:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.2:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.3:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.4:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.5:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.6:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.7:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.9:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.23.14:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.24:::::::* Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:::::: Show Matching CPE(s)
cpe:2.3:o:linux:linux_kernel:2.6.24.1:::::::* Show Matching CPE(s)

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

8 change records found show changes

CVE Modified by CVE 11/20/2024 7:42:28 PM

Action	Type	New Value
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
Added	Reference	http://marc.info/?l=linux-kernel&m=120263652322197&w=2
Added	Reference	http://marc.info/?l=linux-kernel&m=120264520431307&w=2
Added	Reference	http://marc.info/?l=linux-kernel&m=120264773202422&w=2
Added	Reference	http://marc.info/?l=linux-kernel&m=120266328220808&w=2
Added	Reference	http://marc.info/?l=linux-kernel&m=120266353621139&w=2
Added	Reference	http://secunia.com/advisories/28835
Added	Reference	http://secunia.com/advisories/28858
Added	Reference	http://secunia.com/advisories/28875
Added	Reference	http://secunia.com/advisories/28889
Added	Reference	http://secunia.com/advisories/28896
Added	Reference	http://secunia.com/advisories/28912
Added	Reference	http://secunia.com/advisories/28925
Added	Reference	http://secunia.com/advisories/28933
Added	Reference	http://secunia.com/advisories/28937
Added	Reference	http://secunia.com/advisories/29245
Added	Reference	http://secunia.com/advisories/30818
Added	Reference	http://securitytracker.com/id?1019393
Added	Reference	http://wiki.rpath.com/Advisories:rPSA-2008-0052
Added	Reference	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052
Added	Reference	http://www.debian.org/security/2008/dsa-1494
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2008:043
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
Added	Reference	http://www.redhat.com/support/errata/RHSA-2008-0129.html
Added	Reference	http://www.securityfocus.com/archive/1/488009/100/0/threaded
Added	Reference	http://www.securityfocus.com/bid/27704
Added	Reference	http://www.securityfocus.com/bid/27801
Added	Reference	http://www.ubuntu.com/usn/usn-577-1
Added	Reference	http://www.vupen.com/english/advisories/2008/0487/references
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=432229
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=432517
Added	Reference	https://issues.rpath.com/browse/RPL-2237
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358
Added	Reference	https://www.exploit-db.com/exploits/5092
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html

CVE Modified by Red Hat, Inc. 2/12/2023 9:18:44 PM

Action	Type	Old Value	New Value
Changed	Description	CVE-2008-0600 kernel vmsplice_to_pipe flaw	The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
Removed	CVSS V2	Red Hat, Inc. (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Removed	Reference	https://access.redhat.com/errata/RHSA-2008:0129 [No Types Assigned]
Removed	Reference	https://access.redhat.com/security/cve/CVE-2008-0600 [No Types Assigned]
Removed	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=432251 [No Types Assigned]
Removed	CVSS V2 Metadata	Obtain Admin/Root Access

Quick Info

CVE Dictionary Entry:
CVE-2008-0600
NVD Published Date:
02/12/2008
NVD Last Modified:
04/08/2025
Source:
Red Hat, Inc.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2008-0600 Detail

Description

Metrics

Vendor Statements (disclaimer)

Official Statement from Red Hat (02/13/2008)

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:42:28 PM

CVE Modified by Red Hat, Inc. 5/13/2024 9:50:38 PM

CVE Modified by Red Hat, Inc. 2/12/2023 9:18:44 PM

CVE Modified by Red Hat, Inc. 2/02/2023 9:15:14 AM

CPE Deprecation Remap by NIST 10/30/2018 12:25:10 PM

CVE Modified by Red Hat, Inc. 10/15/2018 6:02:04 PM

CVE Modified by Red Hat, Inc. 9/28/2017 9:30:22 PM

Initial CVE Analysis 2/12/2008 5:57:00 PM

Quick Info