CVE-2007-4573

CVE Details

Release Date:	2007-09-24
Impact:	Important	What is this?

Description

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

See more information about CVE-2007-4573 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	7.2
Vector String:	AV:L/AC:L/Au:N/C:C/I:C/A:C
Version:	2.0
Attack Vector:	Local
Attack Complexity:	Low
Authentication:	None
Confidentiality Impact:	Complete
Integrity Impact:	Complete
Availability Impact:	Complete

Errata information

Platform	Errata	Release Date
Oracle Enterprise Linux version 4 (kernel)	ELSA-2007-0937	2007-09-28
Oracle Enterprise Linux version 4 (ocfs2-2.6.9-55.0.9.0.1.EL)	ELSA-2007-0937	2007-09-28
Oracle Enterprise Linux version 4 (oracleasm-2.6.9-55.0.9.0.1.EL)	ELSA-2007-0937	2007-09-28
Oracle Linux version 5 (kernel)	ELSA-2007-0936	2007-09-30
Oracle Linux version 5 (ocfs2-2.6.18-8.1.14.0.2.el5)	ELSA-2007-0936	2007-09-30
Oracle Linux version 5 (oracleasm-2.6.18-8.1.14.0.2.el5)	ELSA-2007-0936	2007-09-30