Rapid7 Vulnerability & Exploit Database

USN-988-1: Linux kernel vulnerabilities

Back to Search

USN-988-1: Linux kernel vulnerabilities

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
09/22/2010
Created
07/25/2018
Added
05/06/2013
Modified
07/09/2020

Description

The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.

Solution(s)

  • ubuntu-upgrade-linux-image-2-6-24-28-386
  • ubuntu-upgrade-linux-image-2-6-24-28-generic
  • ubuntu-upgrade-linux-image-2-6-24-28-hppa32
  • ubuntu-upgrade-linux-image-2-6-24-28-hppa64
  • ubuntu-upgrade-linux-image-2-6-24-28-itanium
  • ubuntu-upgrade-linux-image-2-6-24-28-lpia
  • ubuntu-upgrade-linux-image-2-6-24-28-lpiacompat
  • ubuntu-upgrade-linux-image-2-6-24-28-mckinley
  • ubuntu-upgrade-linux-image-2-6-24-28-openvz
  • ubuntu-upgrade-linux-image-2-6-24-28-powerpc
  • ubuntu-upgrade-linux-image-2-6-24-28-powerpc-smp
  • ubuntu-upgrade-linux-image-2-6-24-28-powerpc64-smp
  • ubuntu-upgrade-linux-image-2-6-24-28-rt
  • ubuntu-upgrade-linux-image-2-6-24-28-server
  • ubuntu-upgrade-linux-image-2-6-24-28-sparc64
  • ubuntu-upgrade-linux-image-2-6-24-28-sparc64-smp
  • ubuntu-upgrade-linux-image-2-6-24-28-virtual
  • ubuntu-upgrade-linux-image-2-6-24-28-xen
  • ubuntu-upgrade-linux-image-2-6-28-19-generic
  • ubuntu-upgrade-linux-image-2-6-28-19-imx51
  • ubuntu-upgrade-linux-image-2-6-28-19-iop32x
  • ubuntu-upgrade-linux-image-2-6-28-19-ixp4xx
  • ubuntu-upgrade-linux-image-2-6-28-19-lpia
  • ubuntu-upgrade-linux-image-2-6-28-19-server
  • ubuntu-upgrade-linux-image-2-6-28-19-versatile
  • ubuntu-upgrade-linux-image-2-6-28-19-virtual
  • ubuntu-upgrade-linux-image-2-6-31-22-386
  • ubuntu-upgrade-linux-image-2-6-31-22-generic
  • ubuntu-upgrade-linux-image-2-6-31-22-generic-pae
  • ubuntu-upgrade-linux-image-2-6-31-22-ia64
  • ubuntu-upgrade-linux-image-2-6-31-22-lpia
  • ubuntu-upgrade-linux-image-2-6-31-22-powerpc
  • ubuntu-upgrade-linux-image-2-6-31-22-powerpc-smp
  • ubuntu-upgrade-linux-image-2-6-31-22-powerpc64-smp
  • ubuntu-upgrade-linux-image-2-6-31-22-server
  • ubuntu-upgrade-linux-image-2-6-31-22-sparc64
  • ubuntu-upgrade-linux-image-2-6-31-22-sparc64-smp
  • ubuntu-upgrade-linux-image-2-6-31-22-virtual
  • ubuntu-upgrade-linux-image-2-6-32-24-386
  • ubuntu-upgrade-linux-image-2-6-32-24-386-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-generic
  • ubuntu-upgrade-linux-image-2-6-32-24-generic-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-generic-pae
  • ubuntu-upgrade-linux-image-2-6-32-24-generic-pae-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-ia64
  • ubuntu-upgrade-linux-image-2-6-32-24-ia64-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-lpia
  • ubuntu-upgrade-linux-image-2-6-32-24-lpia-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-powerpc
  • ubuntu-upgrade-linux-image-2-6-32-24-powerpc-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-powerpc-smp
  • ubuntu-upgrade-linux-image-2-6-32-24-powerpc-smp-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-powerpc64-smp
  • ubuntu-upgrade-linux-image-2-6-32-24-powerpc64-smp-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-preempt
  • ubuntu-upgrade-linux-image-2-6-32-24-preempt-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-server
  • ubuntu-upgrade-linux-image-2-6-32-24-server-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-sparc64
  • ubuntu-upgrade-linux-image-2-6-32-24-sparc64-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-sparc64-smp
  • ubuntu-upgrade-linux-image-2-6-32-24-sparc64-smp-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-versatile
  • ubuntu-upgrade-linux-image-2-6-32-24-versatile-dbgsym
  • ubuntu-upgrade-linux-image-2-6-32-24-virtual

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;