Does CVE-2010-3301 affect Red Hat Enterprise Linux?
Issue
The flaw identified by CVE-2010-3301 (Red Hat Bugzilla bug 634449) describes a flaw in the IA32 system call emulation provided in 64-bit Linux kernels, versions 2.6.27-rc1 to 2.6.36-rc4. An improperly validated 64-bit value could be stored in the %rax register, which could trigger an out-of-bounds system call table access. A local user could use this flaw to escalate their privileges. This is a regression of CVE-2007-4573. It was re-introduced by upstream git commit d4d67150, and was later addressed via the upstream git commits 36d001c7 and eefdca04 for the 2.6 Linux kernel.
This flaw was made public at a similar time as CVE-2010-3081. If this is not the article you are looking for, try Does CVE-2010-3081 affect Red Hat Enterprise Linux? instead.
Solution
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not contain the upstream commit d4d67150 that introduced this flaw.
Comments