Metric | Value |
---|---|
CVSS2 | 6.9 Medium |
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
EPSS | 0.028 Low |
Percentile | 89.6% |

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the DRM driver for Intel graphics cards that allowed a local user to access any part of the main memory. To access the DRM functionality a user must have access to the X server, which is granted through the graphical login. This also only affected systems with an Intel 965 or later graphics chipset. (CVE-2007-3851, Important)
* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a local user to corrupt a kernel_dirent struct and cause a denial of service (system crash). (CVE-2007-2878, Important)
* a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important)
* a flaw in the CIFS filesystem which could cause the umask values of a process to not be honored. This affected CIFS filesystems where the Unix extensions are supported. (CVE-2007-3740, Important)
* a flaw in the stack expansion when using the hugetlb kernel on PowerPC systems that allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)
* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim’s machine. (CVE-2007-1217, Moderate)
* a flaw in the cpuset support that allowed a local user to obtain sensitive information from kernel memory. To exploit this the cpuset filesystem would have to already be mounted. (CVE-2007-2875, Moderate)
* a flaw in the CIFS handling of the mount option “sec=” that didn’t enable integrity checking and didn’t produce any error message. (CVE-2007-3843, Low)

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i686 | kernel-xen-devel | < 2.6.18-8.1.10.el5 | kernel-xen-devel-2.6.18-8.1.10.el5.i686.rpm |
RedHat | 5 | noarch | kernel-doc | < 2.6.18-8.1.10.el5 | kernel-doc-2.6.18-8.1.10.el5.noarch.rpm |
RedHat | 5 | i686 | kernel | < 2.6.18-8.1.10.el5 | kernel-2.6.18-8.1.10.el5.i686.rpm |
RedHat | 5 | x86_64 | kernel-headers | < 2.6.18-8.1.10.el5 | kernel-headers-2.6.18-8.1.10.el5.x86_64.rpm |
RedHat | 5 | ppc | kernel-headers | < 2.6.18-8.1.10.el5 | kernel-headers-2.6.18-8.1.10.el5.ppc.rpm |
RedHat | 5 | s390x | kernel | < 2.6.18-8.1.10.el5 | kernel-2.6.18-8.1.10.el5.s390x.rpm |
RedHat | 5 | ia64 | kernel-xen | < 2.6.18-8.1.10.el5 | kernel-xen-2.6.18-8.1.10.el5.ia64.rpm |
RedHat | 5 | x86_64 | kernel | < 2.6.18-8.1.10.el5 | kernel-2.6.18-8.1.10.el5.x86_64.rpm |
RedHat | 5 | ppc64 | kernel-kdump | < 2.6.18-8.1.10.el5 | kernel-kdump-2.6.18-8.1.10.el5.ppc64.rpm |
RedHat | 5 | i686 | kernel-devel | < 2.6.18-8.1.10.el5 | kernel-devel-2.6.18-8.1.10.el5.i686.rpm |
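
The "< 2.6.18-8.1.10.el5" bound in the package table above cannot be checked with a plain string comparison, because "8.1.8" sorts after "8.1.10" as text. The following added example (not part of the advisory or of any Red Hat tooling) uses a simplified RPM-style segment comparison to flag kernel packages older than the fixed build; the function names and the sample package list are constructed for illustration, and epochs, tildes and carets are not handled.

```python
import re

# Fixed version-release, taken from the advisory's package table.
FIXED_VR = "2.6.18-8.1.10.el5"
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpmvercmp (no epoch, tilde or caret): returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_unpatched(nvr):
    """True if a 'name-version-release' string is older than FIXED_VR."""
    _name, version, release = nvr.rsplit("-", 2)
    return compare_vr(f"{version}-{release}", FIXED_VR) < 0


def unpatched(nvrs):
    """Return the packages from nvrs that still need the update."""
    return [n for n in nvrs if is_unpatched(n)]


# Constructed sample, shaped like `rpm -q kernel kernel-xen` output.
SAMPLE = [
    "kernel-2.6.18-8.el5",
    "kernel-2.6.18-8.1.8.el5",
    "kernel-2.6.18-8.1.10.el5",
    "kernel-xen-2.6.18-53.el5",
]

if __name__ == "__main__":
    for nvr in SAMPLE:
        print(nvr, "UNPATCHED" if is_unpatched(nvr) else "ok")
```

An installed fixed package does not protect the host until it has rebooted into that kernel, so the same comparison should also be run against the output of `uname -r`.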