CVE-2007-4573

CVE Details

Release Date:

2007-09-24

Description

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

See more information about CVE-2007-4573 from MITRE CVE dictionary and NIST NVD

CVSS v2.0 metrics

NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score:	7.2	Base Metrics:	AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector:	Local network	Attack Complexity:	Low
Authentication:	None required	Confidentiality Impact:	Complete
Integrity Impact:	Complete	Availability Impact:	Complete

Errata information

Platform	Errata	Release Date
Oracle Enterprise Linux version 4 (kernel)	ELSA-2007-0937	2007-09-28
Oracle Enterprise Linux version 4 (ocfs2-2.6.9-55.0.9.0.1.EL)	ELSA-2007-0937	2007-09-28
Oracle Enterprise Linux version 4 (oracleasm-2.6.9-55.0.9.0.1.EL)	ELSA-2007-0937	2007-09-28
Oracle Linux version 5 (kernel)	ELSA-2007-0936	2007-09-30
Oracle Linux version 5 (ocfs2-2.6.18-8.1.14.0.2.el5)	ELSA-2007-0936	2007-09-30
Oracle Linux version 5 (oracleasm-2.6.18-8.1.14.0.2.el5)	ELSA-2007-0936	2007-09-30

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team