Linux amd64 kernel vulnerability

2004-12-1700:00:00

ubuntu.com

6.2 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.4%

JSON

Releases

Ubuntu 4.10

Details

USN-30-1 fixed several flaws in the Linux ELF binary loader’s handling
of setuid binaries. Unfortunately it was found that these patches were
not sufficient to prevent all possible attacks on 64-bit platforms, so
previous amd64 kernel images were still vulnerable to root privilege
escalation if setuid binaries were run under certain conditions.

This issue does not affect the i386 and powerpc platforms.

OSVersionArchitecturePackageVersionFilename
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-k8< *UNKNOWN
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-generic< *UNKNOWN
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-k8-smp< *UNKNOWN
Ubuntu4.10noarchlinux-image-2.6.8.1-4-amd64-xeon< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-k8	< *	UNKNOWN
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-generic	< *	UNKNOWN
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-k8-smp	< *	UNKNOWN
Ubuntu	4.10	noarch	linux-image-2.6.8.1-4-amd64-xeon	< *	UNKNOWN