CVE-2007-5908

Publication date 9 November 2007

Last updated 4 August 2025


Ubuntu priority

Negligible

Why this priority?

Rejected reason: Buffer overflow in the (1) sysfs_show_available_clocksources and (2) sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and earlier might allow local users to cause a denial of service or execute arbitrary code via crafted clock source names. NOTE: follow-on analysis by Linux developers states that "There is no way for unprivileged users (or really even the root user) to add new clocksources."


Status

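| Package | Ubuntu Release | Status |
|---|---|---|
| linux-source-2.6.15 | 7.10 gutsy | Not in release |
| linux-source-2.6.15 | 7.04 feisty | Not in release |
| linux-source-2.6.15 | 6.10 edgy | Not in release |
| linux-source-2.6.15 | 6.06 LTS dapper | Ignored |
| linux-source-2.6.17 | 7.10 gutsy | Not in release |
| linux-source-2.6.17 | 7.04 feisty | Not in release |
| linux-source-2.6.17 | 6.10 edgy | Ignored |
| linux-source-2.6.17 | 6.06 LTS dapper | Not in release |
| linux-source-2.6.20 | 7.10 gutsy | Not in release |
| linux-source-2.6.20 | 7.04 feisty | Ignored |
| linux-source-2.6.20 | 6.10 edgy | Not in release |
| linux-source-2.6.20 | 6.06 LTS dapper | Not in release |
| linux-source-2.6.22 | 7.10 gutsy | Ignored |
| linux-source-2.6.22 | 7.04 feisty | Not in release |
| linux-source-2.6.22 | 6.10 edgy | Not in release |
| linux-source-2.6.22 | 6.06 LTS dapper | Not in release |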

Notes


kees

http://marc.info/?l=linux-kernel&m=119451922608530&w=2
This isn't actually exploitable since clocksources aren't user-settable.