CVE-2006-1524 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-1524 Interim 1 5 2025-04-07T23:55:02Z current 2021-05-30T12:35:10Z 2025-04-07T23:55:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-1524 madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHYECM4VBKXEW3VB3CVU4VPMJPBVV6X6/#NHYECM4VBKXEW3VB3CVU4VPMJPBVV6X6 E-Mail link for SUSE-SA:2006:028 https://www.suse.com/support/security/rating/ SUSE Security Ratings madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071. CVE-2006-1524 low 3.6 AV:L/AC:L/Au:N/C:P/I:P/A:N