Rapid7 Vulnerability & Exploit Database

USN-1041-1: Linux kernel vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-1041-1: Linux kernel vulnerabilities

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

09/30/2010

Created

07/25/2018

Added

05/06/2013

Modified

08/12/2020

Description

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Solution(s)

ubuntu-upgrade-linux-image-2-6-31-22-386
ubuntu-upgrade-linux-image-2-6-31-22-generic
ubuntu-upgrade-linux-image-2-6-31-22-generic-pae
ubuntu-upgrade-linux-image-2-6-31-22-ia64
ubuntu-upgrade-linux-image-2-6-31-22-lpia
ubuntu-upgrade-linux-image-2-6-31-22-powerpc
ubuntu-upgrade-linux-image-2-6-31-22-powerpc-smp
ubuntu-upgrade-linux-image-2-6-31-22-powerpc64-smp
ubuntu-upgrade-linux-image-2-6-31-22-server
ubuntu-upgrade-linux-image-2-6-31-22-sparc64
ubuntu-upgrade-linux-image-2-6-31-22-sparc64-smp
ubuntu-upgrade-linux-image-2-6-31-22-virtual
ubuntu-upgrade-linux-image-2-6-31-307-ec2
ubuntu-upgrade-linux-image-2-6-32-27-386
ubuntu-upgrade-linux-image-2-6-32-27-generic
ubuntu-upgrade-linux-image-2-6-32-27-generic-pae
ubuntu-upgrade-linux-image-2-6-32-27-ia64
ubuntu-upgrade-linux-image-2-6-32-27-lpia
ubuntu-upgrade-linux-image-2-6-32-27-powerpc
ubuntu-upgrade-linux-image-2-6-32-27-powerpc-smp
ubuntu-upgrade-linux-image-2-6-32-27-powerpc64-smp
ubuntu-upgrade-linux-image-2-6-32-27-preempt
ubuntu-upgrade-linux-image-2-6-32-27-server
ubuntu-upgrade-linux-image-2-6-32-27-sparc64
ubuntu-upgrade-linux-image-2-6-32-27-sparc64-smp
ubuntu-upgrade-linux-image-2-6-32-27-versatile
ubuntu-upgrade-linux-image-2-6-32-27-virtual
ubuntu-upgrade-linux-image-2-6-32-311-ec2
ubuntu-upgrade-linux-image-2-6-35-24-generic
ubuntu-upgrade-linux-image-2-6-35-24-generic-pae
ubuntu-upgrade-linux-image-2-6-35-24-omap
ubuntu-upgrade-linux-image-2-6-35-24-powerpc
ubuntu-upgrade-linux-image-2-6-35-24-powerpc-smp
ubuntu-upgrade-linux-image-2-6-35-24-powerpc64-smp
ubuntu-upgrade-linux-image-2-6-35-24-server
ubuntu-upgrade-linux-image-2-6-35-24-versatile
ubuntu-upgrade-linux-image-2-6-35-24-virtual

References

https://attackerkb.com/topics/cve-2010-2537
41847
41854
42527
43221
43226
43229
43684
44067
44301
44427
44500
44648
45014
45054
45058
45063
45972
CVE - 2010-2537
CVE - 2010-2538
CVE - 2010-2943
CVE - 2010-2962
CVE - 2010-3079
CVE - 2010-3296
CVE - 2010-3297
CVE - 2010-3298
CVE - 2010-3301
CVE - 2010-3698
CVE - 2010-3858
CVE - 2010-3861
CVE - 2010-4072
CVE - 2010-4080
CVE - 2010-4081
CVE - 2010-4157
CVE - 2010-4242
CVE - 2010-4655
CVE - 2014-0205
DSA-2126
Category I
V0030545
2011-A-0147
RHSA-2010:0723
RHSA-2010:0771
RHSA-2010:0842
RHSA-2010:0898
RHSA-2010:0958
RHSA-2011:0004
RHSA-2011:0007
RHSA-2011:0017
RHSA-2011:0162
RHSA-2014:1365
RHSA-2014:1763
SUSE-SA:2010:040
SUSE-SA:2010:050
SUSE-SA:2010:051
SUSE-SA:2010:052
SUSE-SA:2010:060
SUSE-SA:2011:001
SUSE-SA:2011:002
SUSE-SA:2011:004
SUSE-SA:2011:007
SUSE-SA:2011:008
USN-1041-1
64617

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;