Your submission was sent successfully! Close

CVE-2007-4573

Published: 24 September 2007

The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

Priority

High

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
hardy Not vulnerable
(2.6.22-13.40)
intrepid Not vulnerable
(2.6.22-13.40)
upstream
Released (2.6.22.6)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-29.60)
upstream Needs triage

linux-source-2.6.17
Launchpad, Ubuntu, Debian
edgy
Released (2.6.17.1-12.41)
upstream Needs triage

linux-source-2.6.20
Launchpad, Ubuntu, Debian
feisty
Released (2.6.20-16.32)
upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
gutsy
Released (2.6.22-13.40)
upstream Needs triage

xen-source
Launchpad, Ubuntu, Debian
feisty
Released (2.6.19-2ubuntu7.1)
gutsy Needed
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

upstream Needs triage