CVE-2007-3719

The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/37127
http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-07-12 16:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-3719

Mitre link : CVE-2007-3719

CVE.ORG link : CVE-2007-3719

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

{"id": "CVE-2007-3719", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-07-12T16:30:00.000", "references": [{"url": "http://osvdb.org/37127", "source": "cve@mitre.org"}, {"url": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\""}, {"lang": "es", "value": "El programador de procesos del n\u00facleo de Linux 2.6.16 da preferencia a procesos \"interactivos\" que llevan a cabo paradas (sleeps) voluntarias, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de CPU), como ha sido descrito en \"Monopolizando secretamente la CPU sin privilegios de Superusuario\"."}], "lastModified": "2008-11-15T06:53:51.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2"}], "operator": "OR"}]}], "vendorComments": [{"comment": "The Red Hat Security Response Team has rated this issue as having moderate security impact.\n\nThe risks associated with fixing this bug are greater than the moderate severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG.", "lastModified": "2009-10-26T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}