Unrated severity · NVD Advisory · Published Jul 27, 2007 · Updated Apr 23, 2026
CVE-2007-3105
Description
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root.
Affected products: 1
Patches: 0. No patches discovered yet.
References (28)
- secunia.com/advisories/26500 (nvd, Vendor Advisory)
- secunia.com/advisories/26643 (nvd, Vendor Advisory)
- secunia.com/advisories/26647 (nvd, Vendor Advisory)
- secunia.com/advisories/26651 (nvd, Vendor Advisory)
- secunia.com/advisories/26664 (nvd, Vendor Advisory)
- secunia.com/advisories/27212 (nvd, Vendor Advisory)
- secunia.com/advisories/27227 (nvd, Vendor Advisory)
- secunia.com/advisories/27322 (nvd, Vendor Advisory)
- secunia.com/advisories/27436 (nvd, Vendor Advisory)
- secunia.com/advisories/27747 (nvd, Vendor Advisory)
- secunia.com/advisories/29058 (nvd, Vendor Advisory)
- support.avaya.com/elmodocs2/security/ASA-2007-474.htm (nvd)
- www.debian.org/security/2007/dsa-1363 (nvd)
- www.debian.org/security/2008/dsa-1504 (nvd)
- www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.novell.com/linux/security/advisories/2007_51_kernel.html (nvd)
- www.novell.com/linux/security/advisories/2007_53_kernel.html (nvd)
- www.redhat.com/support/errata/RHSA-2007-0939.html (nvd)
- www.redhat.com/support/errata/RHSA-2007-0940.html (nvd)
- www.securityfocus.com/bid/25348 (nvd)
- www.ubuntu.com/usn/usn-508-1 (nvd)
- www.ubuntu.com/usn/usn-509-1 (nvd)
- www.ubuntu.com/usn/usn-510-1 (nvd)
- issues.rpath.com/browse/RPL-1650 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10371 (nvd)