CVE DATABASE / CVE-2008-4302
CVE-2008-4302
CVSS 5.5 · MEDIUM
Summary
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | NONE |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Linux linux kernelDebian debian linuxRedhat enterprise linux
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=6a860c979b35469e4d77da781a96bdb2ca05ae64
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://lkml.org/lkml/2007/7/20/168
- http://secunia.com/advisories/32237
- http://secunia.com/advisories/32485
- http://secunia.com/advisories/32759
- http://www.debian.org/security/2008/dsa-1653
- http://www.juniper.net/security/auto/vulnerabilities/vuln31201.html
- http://www.openwall.com/lists/oss-security/2008/09/16/10
- http://www.redhat.com/support/errata/RHSA-2008-0957.html
- http://www.securityfocus.com/bid/31201
- https://bugzilla.redhat.com/show_bug.cgi?id=462434
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45191
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10547
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.