CVE-2007-5908

CVE-2007-5908 is a security vulnerability that is still awaiting full analysis and scoring.

Key facts

Description

Rejected reason: Buffer overflow in the (1) sysfs_show_available_clocksources and (2) sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and earlier might allow local users to cause a denial of service or execute arbitrary code via crafted clock source names. NOTE: follow-on analysis by Linux developers states that "There is no way for unprivileged users (or really even the root user) to add new clocksources.

Frequently asked questions

What is CVE-2007-5908?
Rejected reason: Buffer overflow in the (1) sysfs_show_available_clocksources and (2) sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and earlier might allow local users to cause a denial of service or execute arbitrary code via crafted clock source names. NOTE: follow-on analysis by Linux developers states that "There is no way for unprivileged users (or really even the root user) to add new clocksources.
Is CVE-2007-5908 being actively exploited?
It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
How do I fix CVE-2007-5908?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2007-5908 published?
CVE-2007-5908 was published on 2007-11-09 and last updated on 2023-11-07.