CVE-2007-4573

2007-09-2400:00:00

ubuntu.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-29.60UNKNOWN
ubuntu6.10noarchlinux-source-2.6.17< 2.6.17.1-12.41UNKNOWN
ubuntu7.04noarchlinux-source-2.6.20< 2.6.20-16.32UNKNOWN
ubuntu7.10noarchlinux-source-2.6.22< 2.6.22-13.40UNKNOWN
ubuntu7.04noarchxen-source< 2.6.19-2ubuntu7.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	linux-source-2.6.15	< 2.6.15-29.60	UNKNOWN
ubuntu	6.10	noarch	linux-source-2.6.17	< 2.6.17.1-12.41	UNKNOWN
ubuntu	7.04	noarch	linux-source-2.6.20	< 2.6.20-16.32	UNKNOWN
ubuntu	7.10	noarch	linux-source-2.6.22	< 2.6.22-13.40	UNKNOWN
ubuntu	7.04	noarch	xen-source	< 2.6.19-2ubuntu7.1	UNKNOWN