VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2660

CVE-2004-2660

Description

A memory leak in direct-io.c of the Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service via crafted O_DIRECT write requests.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in direct-io.c of the Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service via crafted O_DIRECT write requests.

Vulnerability

In the Linux kernel versions 2.6.x prior to 2.6.10, the direct-io.c file contains a memory leak. When certain O_DIRECT (direct I/O) write requests are made by a local user, the kernel fails to properly free allocated memory, leading to gradual memory consumption. This affects all systems running an affected kernel version and allowing local user access.

Exploitation

An attacker must have local user access to the system. By issuing a series of specially crafted O_DIRECT write requests (for example, using the O_DIRECT flag with write() system calls), the attacker can trigger the memory leak repeatedly, causing the kernel to consume increasing amounts of memory. No additional privileges are required beyond the ability to perform direct I/O.

Impact

Successful exploitation results in a denial of service (DoS) due to memory exhaustion. The system may become unresponsive or crash as available memory is depleted. The attacker does not gain elevated privileges or data access; the impact is limited to availability.

Mitigation

The memory leak is fixed in Linux kernel version 2.6.10. Users should update their kernel to 2.6.10 or later. Distributions such as Red Hat Enterprise Linux 4 provided updated kernel packages (see RHSA-2006-0617 [2][3]). If an update cannot be applied, restricting local user access or disabling O_DIRECT for untrusted users may reduce risk, but the only complete mitigation is applying the kernel patch.

References
  1. ASA-2006-203 (RHSA-2006-0617)
  2. Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

73
  • Linux/Kernel72 versions
    cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*+ 71 more
    • cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:*:64-bit_x86:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:*:itanium_ia64_montecito:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.4:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.4:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.5:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.5:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.5:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.6:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.6:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.7:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.7:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:386:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:686:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:686_smp:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:amd64:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:amd64_k8:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:amd64_k8_smp:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:amd64_xeon:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:k7:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:k7_smp:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:power3:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:power3_smp:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:power4:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:power4_smp:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:powerpc:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8.1.5:*:powerpc_smp:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*
  • Ubuntu/Linux Kernelllm-fuzzy
    Range: <2.6.10

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.