CVE-2006-5174

Description

The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.

2.1
CVSS
Severity: Low
CVSS 2.0 •
EPSS 0.06%
Vendor Advisory novell.com Vendor Advisory redhat.com Vendor Advisory debian.org Vendor Advisory debian.org Vendor Advisory redhat.com Vendor Advisory secunia.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://lkml.org/lkml/2006/11/5/46 mailing list
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9885 vdb entry signature
http://www.novell.com/linux/security/advisories/2006_79_kernel.html vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29378 vdb entry
http://www.securityfocus.com/bid/20379 vdb entry patch
http://rhn.redhat.com/errata/RHSA-2007-0014.html vendor advisory
http://www.vupen.com/english/advisories/2006/3938 vdb entry
http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm
http://www.us.debian.org/security/2006/dsa-1237 vendor advisory
http://secunia.com/advisories/24206 third party advisory
http://securitytracker.com/id?1017090 vdb entry
http://secunia.com/advisories/23474 third party advisory
http://secunia.com/advisories/23064 third party advisory
http://www.us.debian.org/security/2006/dsa-1233 vendor advisory
http://secunia.com/advisories/23370 third party advisory
http://secunia.com/advisories/23997 third party advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=52149ba6b0ddf3e9d965257cc0513193650b3ea8
http://secunia.com/advisories/22497 third party advisory
http://www.redhat.com/support/errata/RHSA-2006-0710.html vendor advisory
http://secunia.com/advisories/23395 third party advisory
http://secunia.com/advisories/22289 third party advisory patch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2006-5174?
CVE-2006-5174 has been scored as a low severity vulnerability.
How to fix CVE-2006-5174?
To fix CVE-2006-5174, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-5174 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2006-5174 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.