CVE-1999-1166
Description
Linux kernel 2.0.37 has a vulnerability in segment limit encoding allowing local users to gain root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel 2.0.37 has a vulnerability in segment limit encoding allowing local users to gain root privileges.
Vulnerability
Linux kernel version 2.0.37 contains a flaw in how it encodes the Custom segment limit. This bug can allow local users to access and modify kernel memory, potentially leading to privilege escalation. The vulnerability is obscure and only affects this specific version of Linux, particularly when a non-standard memory configuration is selected [1].
Exploitation
An attacker with local access can exploit this vulnerability by leveraging a non-standard memory configuration. The exploit involves locating the user process's memory descriptor, extending its limit to cover the entire kernel memory, and then finding the task_struct. By modifying the task_struct, the attacker can change their user ID to 0, thereby gaining root privileges [1].
Impact
Successful exploitation allows a local user to gain root privileges on the affected system. This provides the attacker with complete control over the system, including the ability to read, write, and execute arbitrary code with the highest level of privilege. The exploit can also be extended to reset the securelevel [1].
Mitigation
This vulnerability affects Linux kernel 2.0.37. A patch or fixed version is not explicitly mentioned in the available references. Users are advised to upgrade to a non-vulnerable kernel version if possible. No workarounds are detailed in the provided references [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Linux kernel 2.0.37 does not properly encode the Custom segment limit, allowing local users to gain root privileges."
Attack vector
A local user can exploit this vulnerability by selecting a non-standard memory configuration. This configuration can grant user-level processes access to memory regions that are actually part of the kernel. The process can then locate its memory descriptor and extend it to encompass the entire kernel memory space. Subsequently, it searches for a task_struct and modifies its uid to zero, thereby gaining root privileges [ref_id=1].
Affected code
The vulnerability lies in how the Linux kernel 2.0.37 handles the Custom segment limit. The exploit code provided targets the memory descriptor and the task_struct within the kernel to achieve privilege escalation [ref_id=1].
What the fix does
The advisory does not provide information about a specific patch or fix. The recommended remediation is to upgrade to a patched version of the Linux kernel. Users are advised to consult their distribution's security advisories for specific upgrade instructions.
Preconditions
- configRequires a non-standard memory configuration.
- inputThe vulnerability is specific to Linux kernel version 2.0.37.
Reproduction
The provided reference includes an exploit that can be compiled with libc 5 to demonstrate the privilege escalation. It involves searching for a memory descriptor, extending its limit, locating the task_struct, and modifying the user ID to 0 [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- www.securityfocus.com/archive/1/18156nvdPatchVendor Advisory
- www.securityfocus.com/bid/523nvdExploitPatchVendor Advisory
News mentions
0No linked articles in our index yet.