CVE-2005-0531
Description
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*
- (no CPE) range: >=2.6.10, <=2.6.11-rc3
Vulnerability mechanics
Root cause
"Misuse of signed types in atm_get_addr allows a negative size argument to cause a buffer overflow."
Attack vector
A local user can trigger a buffer overflow by passing negative arguments to the ATM ioctl path. The `atm_get_addr` function takes a signed `int size` parameter and uses a `total < size ? total : size` comparison that, when a negative `size` is supplied, may select that negative value, leading to an incorrect copy size in `copy_to_user` [ref_id=1][ref_id=2]. The attacker needs local access to issue the `ATM_GETADDR` ioctl.
Affected code
The `atm_get_addr` function in `net/atm/addr.c` and the `atm_dev_ioctl` function in `net/atm/resources.c` are at fault. The advisory notes that this codepath is suspicious but was not verified on real hardware [ref_id=1][ref_id=2].
What the fix does
The advisory states that kernel 2.6.11-rc4 fixes the anomalies and adds checks at the VFS layer and in `copy_from_user` [ref_id=1][ref_id=2]. Individual patches are referenced at kernel.org BitKeeper URLs. The fix likely adds proper validation of the `size` parameter in `atm_get_addr` to reject negative values, preventing the signedness confusion that leads to the buffer overflow.
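The signed length selection described under "Attack vector", next to a version that rejects negative values, as a user-space model added here for illustration; it is not the kernel's code or the actual 2.6.11-rc4 patch. The function names `copy_len_signed`, `copy_len_checked` and `get_addr_model` are hypothetical, and the negative-value check is an assumed form of the validation.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length selection as described above: a signed min(total, size).
 * Returned as size_t because copy routines take an unsigned length,
 * so a negative pick turns into a huge byte count. */
size_t copy_len_signed(int total, int size)
{
    return (size_t)(total < size ? total : size);
}

/* Assumed hardening: reject negative values before comparing. */
int copy_len_checked(int total, int size, size_t *len)
{
    if (total < 0 || size < 0)
        return -EINVAL;
    *len = (size_t)(total < size ? total : size);
    return 0;
}

/* Stand-in for the copy to the caller: copies at most `size` bytes of
 * a `total`-byte table; returns bytes copied or a negative errno. */
int get_addr_model(const void *table, int total, void *buf, int size)
{
    size_t len;
    int err = copy_len_checked(total, size, &len);

    if (err)
        return err;
    memcpy(buf, table, len);
    return (int)len;
}

int main(void)
{
    char table[32] = "constructed sample table";  /* constructed input */
    char out[16];

    printf("signed pick, size=-1: %zu bytes\n", copy_len_signed(32, -1));
    printf("checked, size=-1:     %d\n", get_addr_model(table, 32, out, -1));
    printf("checked, size=16:     %d\n", get_addr_model(table, 32, out, 16));
    return 0;
}
```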
Preconditions
- auth: Attacker must have local access to the system
- input: Attacker must be able to issue ATM_GETADDR ioctl calls
Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- distro.conectiva.com.br/atualizacoes/index.php (nvd: Patch)
- www.guninski.com/where_do_you_want_billg_to_go_today_3.html (nvd: Exploit, Patch, Vendor Advisory)
- linux.bkbits.net:8080/linux-2.6/gnupatch%404208e1fcfccuD-eH2OGM5mBhihmQ3A (nvd)
- marc.info (nvd)
- marc.info (nvd)
- www.redhat.com/support/errata/RHSA-2005-366.html (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10095 (nvd)