Lucene search

K
centosCentOS ProjectCESA-2007:0937
HistorySep 28, 2007 - 3:13 a.m.

kernel security update

2007-09-2803:13:34
CentOS Project
lists.centos.org
65

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

CentOS Errata and Security Advisory CESA-2007:0937

The Linux kernel handles the basic functions of the operating system.

A flaw was found in the IA32 system call emulation provided on AMD64 and
Intel 64 platforms. An improperly validated 64-bit value could be stored in
the %RAX register, which could trigger an out-of-bounds system call table
access. An untrusted local user could exploit this flaw to run code in the
kernel (ie a root privilege escalation). (CVE-2007-4573).

Red Hat would like to thank Wojciech Purczynski for reporting this issue.

Red Hat Enterprise Linux 4 users are advised to upgrade to these packages,
which contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-September/076413.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076421.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076426.html
https://lists.centos.org/pipermail/centos-announce/2007-September/076427.html

Affected packages:
kernel
kernel-devel
kernel-doc
kernel-hugemem
kernel-hugemem-devel
kernel-largesmp
kernel-largesmp-devel
kernel-smp
kernel-smp-devel
kernel-xenU
kernel-xenU-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0937

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

Related for CESA-2007:0937