CVE-2004-1072 [High] | Denial of Service in Linux Kernel

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.08%	0.56%	+0.48%
2	2023-03-07	2.17%	0.08%	-2.09%
3	2022-02-04	—	2.17%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.08%

0.56%

+0.48%

2023-03-07

2.17%

0.08%

-2.09%

2022-02-04

—

2.17%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.2	2.0	HIGH	`AV:L/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	3.9	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.2

2.0

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

3.9

10.0

[email protected]

OS Trackers for CVE-2004-1072

vendor	priority	summary	link
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2004-1072

vendor

priority

summary

link

redhat

high

—

https://access.redhat.com/security/cve/CVE-2004-1072

Affected software / configurations for CVE-2004-1072

Vendor	Product	Version	Raw CPE
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:::::::*
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test1::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test10::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test11::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test12::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test2::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test3::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test4::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test5::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test6::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test7::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test8::::::
linux	linux_kernel	2.4.0	cpe:2.3:o:linux:linux_kernel:2.4.0:test9::::::
linux	linux_kernel	2.4.1	cpe:2.3:o:linux:linux_kernel:2.4.1:::::::*
linux	linux_kernel	2.4.2	cpe:2.3:o:linux:linux_kernel:2.4.2:::::::*
linux	linux_kernel	2.4.3	cpe:2.3:o:linux:linux_kernel:2.4.3:::::::*
linux	linux_kernel	2.4.4	cpe:2.3:o:linux:linux_kernel:2.4.4:::::::*
linux	linux_kernel	2.4.5	cpe:2.3:o:linux:linux_kernel:2.4.5:::::::*
linux	linux_kernel	2.4.6	cpe:2.3:o:linux:linux_kernel:2.4.6:::::::*
linux	linux_kernel	2.4.7	cpe:2.3:o:linux:linux_kernel:2.4.7:::::::*
linux	linux_kernel	2.4.8	cpe:2.3:o:linux:linux_kernel:2.4.8:::::::*
linux	linux_kernel	2.4.9	cpe:2.3:o:linux:linux_kernel:2.4.9:::::::*
linux	linux_kernel	2.4.10	cpe:2.3:o:linux:linux_kernel:2.4.10:::::::*
linux	linux_kernel	2.4.11	cpe:2.3:o:linux:linux_kernel:2.4.11:::::::*
linux	linux_kernel	2.4.12	cpe:2.3:o:linux:linux_kernel:2.4.12:::::::*
linux	linux_kernel	2.4.13	cpe:2.3:o:linux:linux_kernel:2.4.13:::::::*
linux	linux_kernel	2.4.14	cpe:2.3:o:linux:linux_kernel:2.4.14:::::::*
linux	linux_kernel	2.4.15	cpe:2.3:o:linux:linux_kernel:2.4.15:::::::*
linux	linux_kernel	2.4.16	cpe:2.3:o:linux:linux_kernel:2.4.16:::::::*
linux	linux_kernel	2.4.17	cpe:2.3:o:linux:linux_kernel:2.4.17:::::::*
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:::::::*
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18::x86:::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre1::::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre2::::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre3::::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre4::::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre5::::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre6::::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre7::::::
linux	linux_kernel	2.4.18	cpe:2.3:o:linux:linux_kernel:2.4.18:pre8::::::
linux	linux_kernel	2.4.19	cpe:2.3:o:linux:linux_kernel:2.4.19:::::::*
linux	linux_kernel	2.4.19	cpe:2.3:o:linux:linux_kernel:2.4.19:pre1::::::
linux	linux_kernel	2.4.19	cpe:2.3:o:linux:linux_kernel:2.4.19:pre2::::::
linux	linux_kernel	2.4.19	cpe:2.3:o:linux:linux_kernel:2.4.19:pre3::::::
linux	linux_kernel	2.4.19	cpe:2.3:o:linux:linux_kernel:2.4.19:pre4::::::
linux	linux_kernel	2.4.19	cpe:2.3:o:linux:linux_kernel:2.4.19:pre5::::::
linux	linux_kernel	2.4.19	cpe:2.3:o:linux:linux_kernel:2.4.19:pre6::::::
linux	linux_kernel	2.4.20	cpe:2.3:o:linux:linux_kernel:2.4.20:::::::*
linux	linux_kernel	2.4.21	cpe:2.3:o:linux:linux_kernel:2.4.21:::::::*
linux	linux_kernel	2.4.21	cpe:2.3:o:linux:linux_kernel:2.4.21:pre1::::::
linux	linux_kernel	2.4.21	cpe:2.3:o:linux:linux_kernel:2.4.21:pre4::::::
linux	linux_kernel	2.4.21	cpe:2.3:o:linux:linux_kernel:2.4.21:pre7::::::
linux	linux_kernel	2.4.22	cpe:2.3:o:linux:linux_kernel:2.4.22:::::::*
linux	linux_kernel	2.4.23	cpe:2.3:o:linux:linux_kernel:2.4.23:::::::*
linux	linux_kernel	2.4.23	cpe:2.3:o:linux:linux_kernel:2.4.23:pre9::::::
linux	linux_kernel	2.4.23_ow2	cpe:2.3:o:linux:linux_kernel:2.4.23_ow2:::::::*
linux	linux_kernel	2.4.24	cpe:2.3:o:linux:linux_kernel:2.4.24:::::::*
linux	linux_kernel	2.4.24_ow1	cpe:2.3:o:linux:linux_kernel:2.4.24_ow1:::::::*
linux	linux_kernel	2.4.25	cpe:2.3:o:linux:linux_kernel:2.4.25:::::::*
linux	linux_kernel	2.4.26	cpe:2.3:o:linux:linux_kernel:2.4.26:::::::*
linux	linux_kernel	2.4.27	cpe:2.3:o:linux:linux_kernel:2.4.27:::::::*
linux	linux_kernel	2.4.27	cpe:2.3:o:linux:linux_kernel:2.4.27:pre1::::::
linux	linux_kernel	2.4.27	cpe:2.3:o:linux:linux_kernel:2.4.27:pre2::::::
linux	linux_kernel	2.4.27	cpe:2.3:o:linux:linux_kernel:2.4.27:pre3::::::
linux	linux_kernel	2.4.27	cpe:2.3:o:linux:linux_kernel:2.4.27:pre4::::::
linux	linux_kernel	2.4.27	cpe:2.3:o:linux:linux_kernel:2.4.27:pre5::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test1::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test10::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test11::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test2::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test3::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test4::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test5::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test6::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test7::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test8::::::
linux	linux_kernel	2.6.0	cpe:2.3:o:linux:linux_kernel:2.6.0:test9::::::
linux	linux_kernel	2.6.1	cpe:2.3:o:linux:linux_kernel:2.6.1:::::::*
linux	linux_kernel	2.6.1	cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::

References for CVE-2004-1072

URL	Tags
ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
http://secunia.com/advisories/19607
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
http://www.debian.org/security/2006/dsa-1067
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1082
http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://www.redhat.com/support/errata/RHSA-2004-505.html
http://www.redhat.com/support/errata/RHSA-2004-537.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-275.html
http://www.securityfocus.com/bid/11646
https://bugzilla.fedora.us/show_bug.cgi?id=2336
https://exchange.xforce.ibmcloud.com/vulnerabilities/18025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11195

URL

CVE-2004-1072

Exploit prediction scoring system (EPSS) score for CVE-2004-1072

Common vulnerability scoring system (CVSS) metrics for CVE-2004-1072

Weakness enumeration for CVE-2004-1072

OS Trackers for CVE-2004-1072

Affected software / configurations for CVE-2004-1072

References for CVE-2004-1072